{"id":3558,"date":"2021-10-13T21:07:06","date_gmt":"2021-10-13T20:07:06","guid":{"rendered":"https:\/\/sajberinfo.com\/2022\/11\/21\/text-99\/"},"modified":"2022-12-04T13:38:53","modified_gmt":"2022-12-04T12:38:53","slug":"windows-0-day-ranjivost-iskoristava-kineski-apt","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2021\/10\/13\/windows-0-day-ranjivost-iskoristava-kineski-apt\/","title":{"rendered":"Chinese APT exploits Windows 0-day vulnerability"},"content":{"rendered":"<p class=\"MsoNormal\" style=\"text-align: left;\"><span style=\"font-size: 14pt;\"><span style=\"font-family: inherit;\">A Chinese-speaking <a href=\"https:\/\/sajberinfo.com\/en\/2020\/12\/08\/apt-sponzorisani-napadi\/\" target=\"_blank\" rel=\"noopener\"><i>APT<\/i> group<\/a> named <i>IronHusky<\/i>, first observed in 2017 by <a href=\"https:\/\/securelist.com\/apt-trends-report-q3-2017\/83162\/\" target=\"_blank\" rel=\"noopener\">the company <i>Kaspersky<\/i><\/a>, is now exploiting a <i>Windows 0-day<\/i> operating system vulnerability.<\/span><\/span><\/p>\n<div id=\"attachment_3663\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-3663\" class=\"size-full wp-image-3663\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/11\/kineski-apt-1024x768-1.jpg\" alt=\"chinese apt group\" width=\"1024\" height=\"682\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/11\/kineski-apt-1024x768-1.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/11\/kineski-apt-1024x768-1-300x200.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/11\/kineski-apt-1024x768-1-768x512.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/11\/kineski-apt-1024x768-1-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-3663\" 
class=\"wp-caption-text\">Advanced persistent threat \u2013 APT group<\/p><\/div>\n<p class=\"MsoNormal\" style=\"text-align: left;\"><span style=\"font-size: 14pt;\"><span style=\"font-family: inherit;\">\u00a0<\/span><\/span><span style=\"font-size: 14pt;\"><span style=\"font-family: inherit;\">This group uses <i>privilege escalation<\/i> vulnerabilities so that, by obtaining the highest user privileges, it can plant the <i>MysterySnail<\/i> remote-control <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/malware\/\" target=\"_blank\" rel=\"noopener\">malware<\/a> (<i>RAT<\/i>) in the <i>Windows<\/i> environment. This malware exploits a vulnerability in <i>Windows<\/i> client and server operating systems, from <i>Windows 7<\/i> and <i>Windows Server 2008<\/i> up to the latest versions, <i>Windows 11<\/i> and <i>Windows Server 2022<\/i>, that have not been patched against the vulnerability tracked as <i><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-40449\" target=\"_blank\" rel=\"noopener\">CVE-2021-40449<\/a><\/i>.<\/span><\/span><\/p>\n<p class=\"MsoNormal\" style=\"text-align: left;\"><span style=\"font-size: 14pt;\"><span style=\"font-family: inherit;\"><i>MysterySnail RAT<\/i> is designed to collect and send information from the compromised system before it establishes communication with the command server (<i>C2C<\/i>). In addition, it is capable of process replacement, terminating running processes, and activating a <i>proxy<\/i> server with about 50 simultaneous connections. More details can be found in the <a href=\"https:\/\/securelist.com\/mysterysnail-attacks-with-windows-zero-day\/104509\/\" target=\"_blank\" rel=\"noopener\"><i>Kaspersky<\/i> report here<\/a>. 
To protect themselves, users need to apply the latest system updates for the Windows operating system \u2013 more information <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-us\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/span><\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>A Chinese-speaking APT group named IronHusky, first observed in 2017 by the company Kaspersky, is now exploiting a Windows 0-day operating system vulnerability. This group uses privilege escalation vulnerabilities so that&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":3663,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[138,62,130,167,145,166,126,143,121,120,169,170,168],"class_list":["post-3558","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-advanced-persistent-threat","tag-apt","tag-microsoft","tag-privilege-escalation","tag-rat","tag-server","tag-vulnerability","tag-windows","tag-windows-10","tag-windows-11","tag-windows-7","tag-windows-server-2008","tag-windows-server-2022"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/3558","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=3558"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/3558\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/3663"}],"wp:attachment":[{"href":"https:\/\/sajberinf
o.com\/en\/wp-json\/wp\/v2\/media?parent=3558"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=3558"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=3558"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}