{"id":1224,"date":"2022-06-15T14:00:48","date_gmt":"2022-06-15T07:00:48","guid":{"rendered":"https:\/\/dt-corp.com.vn\/?p=1224"},"modified":"2022-06-15T14:11:10","modified_gmt":"2022-06-15T07:11:10","slug":"tin-tac-luoyu-cua-trung-quoc-su-dung-cac-cuoc-tan-cong-man-on-the-side-de-trien-khai-windealer-backdoor","status":"publish","type":"post","link":"https:\/\/dt-corp.com.vn\/?p=1224","title":{"rendered":"Chinese LuoYu Hackers Use Man-on-the-Side Attacks to Deploy the WinDealer Backdoor"},"content":{"rendered":"<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-28541\" src=\"https:\/\/s.securitydaily.net\/content\/14232520\/team5-696x363.jpg\" alt=\"team5\" width=\"696\" height=\"363\" \/><\/figure>\n<p>An \u201cextremely sophisticated\u201d Chinese-speaking advanced persistent threat (APT) group known as LuoYu has been observed using a malicious Windows tool named WinDealer that is delivered by means of man-on-the-side attacks.<\/p>\n<p>Russian cybersecurity company Kaspersky <a href=\"https:\/\/securelist.com\/windealer-dealing-on-the-side\/105946\/\">said<\/a> in a recent report: \u201cThis groundbreaking development allows the actor to modify network traffic in transit in order to insert malicious payloads. Such attacks are especially dangerous and devastating because they do not require any interaction with the target to lead to a successful infection.\u201d<\/p>\n<p>Known to have been active since 2008, LuoYu primarily targets foreign diplomatic organizations established in China and members of the academic community, as well as financial, defense, logistics and telecommunications companies.<\/p>\n<p>LuoYu's use of <a href=\"https:\/\/jsac.jpcert.or.jp\/archive\/2022\/pdf\/JSAC2022_7_leon-niwa-ishimaru_en.pdf\">WinDealer<\/a> was first documented by the Taiwanese cybersecurity firm <a href=\"https:\/\/teamt5.org\/en\/posts\/japan-security-analyst-conference-2021\/\">TeamT5<\/a> at the Japan Security Analyst Conference (JSAC) in January 2021. <a href=\"https:\/\/blogs.jpcert.or.jp\/en\/2022\/03\/jsac2022report1.html\">Subsequent attack campaigns<\/a> have used the malware against targets in Japan, with isolated infections reported in Austria, Germany, India, Russia and the United States.<\/p>\n<p>Other notable tools in the lesser-known actor's malware arsenal include <a href=\"https:\/\/thehackernews.com\/2022\/05\/experts-uncover-new-espionage-attacks.html\">PlugX<\/a> and its successor <a href=\"https:\/\/thehackernews.com\/2022\/05\/chinese-hackers-caught-exploiting.html\">ShadowPad<\/a>, both of which have been used by numerous Chinese threat groups to pursue their strategic objectives. The group is also known to target Linux, macOS and Android devices.<\/p>\n<p>As for WinDealer, it was previously distributed through websites acting as <a href=\"https:\/\/en.wikipedia.org\/wiki\/Watering_hole_attack\">watering holes<\/a> and as trojanized applications masquerading as video hosting and instant messaging services such as Tencent QQ and Youku.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-28542\" src=\"https:\/\/s.securitydaily.net\/content\/15020534\/windealer-696x375.jpg\" alt=\"windealer\" width=\"696\" height=\"375\" \/><\/figure>\n<p>Since then, however, the infection vector has changed to a different distribution method that abuses the automatic update mechanism of select legitimate applications to serve a malware-infected version in \u201ca few rare cases\u201d.<\/p>\n<p>WinDealer is a modular malware platform that comes with all the utilities typically found in a traditional backdoor, allowing it to collect sensitive information, capture screenshots and execute arbitrary commands.<\/p>\n<p>What sets it apart, however, is its use of a complex IP-generation algorithm to pick a command-and-control (C2) server to connect to at random from a pool of 48,000 IP addresses.<\/p>\n<p>The company said: \u201cThe only way to explain these seemingly impossible network behaviors is to assume the existence of an on-path attacker who can intercept all network traffic and even modify it if needed.\u201d<\/p>\n<p>A <a href=\"https:\/\/en.wikipedia.org\/wiki\/Man-on-the-side_attack\">man-on-the-side<\/a> attack, like a man-in-the-middle attack, lets the adversary read and inject arbitrary messages into a communication channel, but not modify or delete messages sent by the other parties.<\/p>\n<p>Man-on-the-side attacks typically rely on timing: the malicious response containing attacker-supplied data must arrive in reply to the victim's request to a web server before the genuine response from that server does.<\/p>\n<p>Security researcher Suguru Ishimaru said: \u201cMan-on-the-side attacks are extremely devastating because the only condition needed to attack a device is for it to be connected to the internet.\u201d<\/p>\n<p>\u201cNo matter how the attack was carried out, the only way for potential victims to defend themselves is to remain extremely vigilant and to have robust security procedures in place, such as regular antivirus scans, analysis of outbound network traffic, and extensive logging to detect anomalies.\u201d<\/p>\n<p>According to <a href=\"https:\/\/securitydaily.net\/tin-tac-luoyu-cua-trung-quoc-su-dung-cac-cuoc-tan-cong-man-on-the-side-de-trien-khai-windealer-backdoor\/\">Securitydaily<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p class=\"tx-excerpt\">An \u201cextremely sophisticated\u201d Chinese-speaking advanced persistent threat (APT) group known as LuoYu has been observed using a malicious Windows tool named","protected":false},"author":3,"featured_media":1225,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[13],"tags":[],"class_list":["post-1224","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/06\/team5-324x235-1.webp","_links":{"self":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/1224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1224"}],"version-history":[{"count":2,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/1224\/revisions"}],"predecessor-version":[{"id":1227,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/1224\/revisions\/1227"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/media\/1225"}],"wp:attachment":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}