View profile

今週の気になるセキュリティニュース - Issue #61

Weekly newsletter of Masafumi Negishi
Weekly newsletter of Masafumi Negishi
事件、事故
米財務省の OFAC がダークネットの取引市場である Hydra Market と暗号資産取引所 Garantex を経済制裁の対象に指定。ドイツの警察当局は Hydra のサーバを差し押さえて、2300万ユーロ相当の Bitcoin を押収した。
WASHINGTON – Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the world’s largest and most prominent darknet market, Hydra Market (Hydra), in a coordinated international effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site. The operation targeting Hydra was a collaborative initiative joined by the U.S. Department of Justice, Federal Bureau of Investigations, Drug Enforcement Administration, Internal Revenue Service Criminal Investigation, and Homeland Security Investigations. This action was enhanced by international cooperation with the German Federal Criminal Police, who today shut down Hydra servers in Germany and seized $25 million worth of bitcoin.
Die Generalstaatsanwaltschaft Frankfurt am Main – Zentralstelle zur Bekämpfung der Internetkriminalität (ZIT) – und das Bundeskriminalamt (BKA) haben am heutigen Dienstag die in Deutschland befindliche Serverinfrastruktur des weltweit größten illegalen Darknet-Marktplatzes „Hydra Market“ sichergestellt und diesen damit geschlossen. Es wurden Bitcoins in Höhe von derzeit umgerechnet ca. 23 Mio. EUR sichergestellt, welche dem Marktplatz zugerechnet werden.
Earlier today, Germany’s Central Office for Combating Cybercrime (ZIT) and the Federal Criminal Police Office (BKA) announced the take-down of the Russian-language darknet market Hydra. Elliptic’s analysis shows that the platform – which was the largest such market operating on the dark web – has facilitated over $5 billion in Bitcoin transactions since beginning operations in December 2015. 
攻擊、脅威
米司法省が Cyclops Blink ボットネットの米国内にある C2 サーバをテイクダウン
The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU). The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet. Although the operation did not involve access to the Sandworm malware on the thousands of underlying victim devices worldwide, referred to as “bots,” the disabling of the C2 mechanism severed those bots from the Sandworm C2 devices’ control.
Shadowserver
Special Report on #CyclopsBlink re-run (post 2022-04-06 DoJ announcement): 553 IPs, 285 ASNs, 61 countries. Clear reduction in US infections, but please remediate remaining devices (subscribe to reports for notifications). Info:
https://t.co/maeLxa8nbe
https://t.co/LYNLRkbEdD https://t.co/kaaTpDdn33 https://t.co/tbwonJl204
ウクライナを狙う攻撃者グループ Strontium が利用しているドメインを Microsoft がテイクダウン
We recently observed attacks targeting Ukrainian entities from Strontium, a Russian GRU-connected actor we have tracked for years. This week, we were able to disrupt some of Strontium’s attacks on targets in Ukraine. On Wednesday April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these attacks. We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium’s current use of these domains and enable victim notifications.
警察庁が「令和3年におけるサイバー空間をめぐる脅威の情勢等について」を公表
Meta が 2022年第1四半期の Adversarial Threat Report を公開
脆弱性
VMware が Spring4Shell 脆弱性の影響を受ける複数の製品を修正
米 CISA が Known Exploited Vulnerabilities (KEV) カタログに 4+3 個の脆弱性を追加
京セラの複合機に認証なしで情報が取得可能な脆弱性 (CVE-2022-1026)
本脆弱性は、SOAPインターフェイスを利用することで、ユーザー認証が必要な設定になっているにも関わらず、ユーザー認証なしで機器が応答し、登録されているアドレス帳データが取得できる可能性があるというものです。
その他
Did you enjoy this issue? Yes No
Weekly newsletter of Masafumi Negishi
Weekly newsletter of Masafumi Negishi

Security Researcher, IIJ-SECT, SANS Instructor in Japan, OWASP Japan Advisory Board, WASForum Hardening Project, 子供たちが安心して使える安全なネット社会を実現したいですね。

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Created with Revue by Twitter.