
Firewalls Under Fire: China has been penetrating perimeter network defenses for more than five years.pdf

Uploader: 竿*** ID: 981968 2025-11-29 65 pages 6.72MB

#BHUSA BlackHatEvents

Firewalls Under Fire
China's ongoing campaign to compromise network protection devices worldwide
Andrew Brandt

About me
Threat research at Webroot, Solera Networks, Blue Coat, Symantec, Sophos, Netcraft
Malware and network forensics, retrospective attack analysis
“Investigative cyberattack journalism”
Elect More Hackers
World Cyber Health / Malware Village
Malware Village
Media Archaeology Lab (CU Boulder)

Context
Timespan for these events is from 2018 - 2024 (ish)
Sophos X-Ops sits at the intersection of (and now encompasses) several teams of analysts and researchers
Research conducted by many of my former peers and colleagues, compiled by me & X-Ops
Too many technical details to cover in 40 minutes

Dramatis Personae
Firewall vendors
Other security companies
Chengdu, Sichuan, China
Individual threat actors
Companies
A university
Firewalls and other edge devices
Bare metal and virtual devices

Attack phases / epochs
Initial attack & recon: 2018-2019
Mass-attack phase: 2020-2021
Targeted attacks and recurring use of old exploits with new payloads: 2021-2024
Research published October 2024
Attacks ongoing
Source: FBI

Public disclosure
Cloud Snooper (2020)
“Asnarök” public attacks (2020)
Bookmark feature buffer overflow (2021)
Personal Panda (2022)
Covert Channels (2023)
“Pacific Rim” encompassing these plus previously undisclosed campaigns (2024)
Source: Sophos

Why “Pacific Rim”?
Cloud Snooper (2020) aka Arizona
“Asnarök” (2020) aka Mexico
Bookmark feature buffer overflow (2021) aka Baja
Personal Panda (2022) aka Alaska
CVE-2022-3236 (2022) aka Yukon
Covert Channels (2023) “Alaska part 2”

Phase zero: The break-in
Source: Sophos / Sergei Shevchenko

The first domino
NUC in Cyberoam office The

According to the Firewalls Under Fire report, the key points of the full text are:
1. **Attack timeline**: Between 2018 and 2024, Chinese hackers attacked network protection devices worldwide.
2. **Attack phases**: Initial attack and reconnaissance (2018-2019), mass attacks (2020-2021), and targeted attacks reusing old vulnerabilities with new payloads (2021-2024).
3. **Attack tools**: Cloud Snooper, Asnarök, Personal Panda, Covert Channels, and others.
4. **Attack targets**: Firewall vendors, security companies, places such as Chengdu, China, individual threat actors, companies, universities, and others.
5. **Attack techniques**: Exploiting vulnerabilities, implanting malware, stealing configuration information, establishing persistent connections, and so on.
6. **Attack impact**: Many firewalls worldwide were affected, including Sophos and Cyberoam devices.
7. **Defensive measures**: Security companies released patches, introduced new telemetry capabilities, and used kernel-level implant tooling, among other measures.
8. **Attacker characteristics**: Some attackers used specific domain names, registration details, VPNs and similar means to hide their identity.
9. **Attack motives**: Possibly political, economic, or espionage-related.