{"id":114088,"date":"2014-11-12T18:10:03","date_gmt":"2014-11-12T18:10:03","guid":{"rendered":"https:\/\/bm.dev.synology.me\/?p=114088"},"modified":"2014-11-12T18:10:03","modified_gmt":"2014-11-12T18:10:03","slug":"kaspersky-lab-despre-campania-darkhotel-directori-de-companii-devin-victime-ale-unei-echipe-de-spionaj-de-elita","status":"publish","type":"post","link":"https:\/\/bm.dev.synology.me\/?p=114088","title":{"rendered":"Kaspersky Lab on the &#8220;Darkhotel&#8221; campaign: company executives fall victim to an elite espionage team"},"content":{"rendered":"<p>\n&#8220;Darkhotel&#8221; targets victims staying in luxury hotels, and the team behind the campaign does not attack the same person twice. &#8220;Darkhotel&#8221; operations are executed with precision, obtaining all the important data in the first attack. Afterwards, the attackers cover their tracks and suspend their activity until they identify the next target. The victims include corporate executives from the US and Asia. The threat is still active, Kaspersky Lab warns.<\/p>\n<p>\nThe &#8220;Darkhotel&#8221; method of operation<\/p>\n<p>\nThe Darkhotel actor has an effective method of penetrating hotel networks, giving the attackers broad, long-term access, including to systems considered private and secure. The attackers act when victims connect to the hotel's Wi-Fi network, entering their room number and surname to log in. 
The cybercriminals identify victims the moment they connect to the compromised network and prompt them to download and install a backdoor disguised as an update for legitimate software &#8211; Google Toolbar, Adobe Flash or Windows Messenger. The victim downloads the package, infecting the device with a backdoor &#8211; the Darkhotel cyber-espionage software.<\/p>\n<p>\nOnce installed, the backdoor can be used to download more advanced tools for stealing confidential information: an advanced, digitally signed keylogger, the &#8220;Karba&#8221; Trojan and a module specialised in extracting information. These tools collect data about the system and the security software installed on it, and steal passwords saved in Firefox, Chrome and Internet Explorer, Gmail Notifier, Twitter and Facebook, login passwords for Yahoo! and Google accounts, as well as other confidential information. Victims risk losing important information, such as files that are the intellectual property of the organisations they represent. After the operation, the attackers delete the tools planted on the hotel network and temporarily suspend their operations.<\/p>\n<p>\n&#8220;In recent years, Darkhotel has successfully attacked people in important positions, using methods and techniques more advanced than those used in typical attacks,&#8221; says Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab. 
&#8220;This actor has operational competence, mathematical and cryptographic analysis capabilities, as well as other resources capable of infecting trusted commercial networks, targeting various specific categories of victims with strategic precision,&#8221; concludes Kurt Baumgartner.<\/p>\n<p>Kaspersky Lab researchers found, in a string in the Darkhotel malicious code, a trace that points to a Korean speaker. Kaspersky Lab products detect and neutralise the malicious programs and variants used in the Darkhotel toolkit. Kaspersky Lab is working with multiple relevant organisations to resolve the Darkhotel case.<\/p>\n<p>\nHow Darkhotel attacks can be avoided<\/p>\n<p>\nWhen travelling, any network, even the semi-private ones in hotels, can be dangerous. The Darkhotel case illustrates an evolving attack vector: people who hold valuable information can easily become victims of Darkhotel or of a similar operation. To prevent these threats, Kaspersky Lab recommends: using a Virtual Private Network (VPN) provider that can ensure an encrypted communication channel when accessing public or semi-public Wi-Fi networks; when travelling, any software update is suspect, and you must make sure the program is developed by a trusted vendor. 
The security solution must also offer protection against newly developed threats, not just basic antivirus protection.<\/p>\n<p>\nKaspersky Lab is present in approximately 200 countries and protects more than 300 million users worldwide.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Members of the Global Research and Analysis (GReAT) team at the Russian software company Kaspersky Lab have analysed the &#8220;Darkhotel&#8221; cyber-espionage campaign, a campaign active for at least four years through which confidential information is stolen from company executives travelling abroad.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4139],"tags":[8225,10653,38663,7555,32507,272,201,13420,443,24266,6552,303,35346,10657,17775,7543,365,447,15650,12655,13247],"class_list":["post-114088","post","type-post","status-publish","format-standard","hentry","category-it","tag-analiza","tag-atac","tag-atacatori","tag-campanie","tag-cibernetic","tag-companie","tag-companii","tag-directori","tag-echipe","tag-elita","tag-hoteluri","tag-important","tag-informatii-confidentiale","tag-kaspersky","tag-membri","tag-retea","tag-rusia","tag-soft","tag-spionaj","tag-strainatate","tag-victime"],"_links":{"self":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/114088","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bm.dev.s
ynology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=114088"}],"version-history":[{"count":0,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=\/wp\/v2\/posts\/114088\/revisions"}],"wp:attachment":[{"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=114088"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=114088"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bm.dev.synology.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=114088"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}