{"id":913,"date":"2024-03-07T22:59:53","date_gmt":"2024-03-07T20:59:53","guid":{"rendered":"https:\/\/techlance.ddns.net\/?p=913"},"modified":"2024-03-07T23:01:17","modified_gmt":"2024-03-07T21:01:17","slug":"spinning-yarn-uusi-linux-haittaohjelmakampanja","status":"publish","type":"post","link":"https:\/\/techlance.ddns.net\/en\/spinning-yarn-uusi-linux-haittaohjelmakampanja\/","title":{"rendered":"Spinning YARN &#8211; A new Linux malware campaign"},"content":{"rendered":"<p>Spinning YARN &#8211; A new Linux malware campaign targets Docker, Apache Hadoop, Redis and Confluence<\/p>\n\n\n\n<p>Cado Security Labs researchers have recently encountered an emerging malware campaign targeting misconfigured servers running the following web-facing services: Apache Hadoop, YARN, Docker, Confluence and Redis. The campaign utilises a number of unique and unreported payloads, including four Golang binaries, that serve as tools to automate the discovery and infection of hosts running the above services. The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and exploiting an n-day vulnerability, to conduct Remote Code Execution (RCE) attacks and infect new hosts. Once initial access is achieved, a series of shell scripts and general Linux attack techniques are used to deliver a cryptocurrency miner, spawn a reverse shell and enable persistent access to the compromised hosts.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.cadosecurity.com\/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence\/\">https:\/\/www.cadosecurity.com\/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence\/<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Spinning YARN &#8211; A new Linux malware campaign targets Docker, Apache Hadoop, Redis and Confluence Cado Security Labs researchers have recently encountered an emerging [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[9],"tags":[15],"class_list":["post-913","post","type-post","status-publish","format-standard","hentry","category-security","tag-tietoturva"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/913","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/comments?post=913"}],"version-history":[{"count":0,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/913\/revisions"}],"wp:attachment":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/media?parent=913"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/categories?post=913"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/tags?post=913"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}