{"id":7288,"date":"2024-10-20T20:19:47","date_gmt":"2024-10-20T18:19:47","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=7288"},"modified":"2024-10-20T20:19:47","modified_gmt":"2024-10-20T18:19:47","slug":"raptor-train-botnet-inficirao-12-miliona","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2024\/10\/20\/raptor-train-botnet-inficirao-12-miliona\/","title":{"rendered":"Raptor Train botnet infected 1.2 million devices"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">The <em>Raptor Train <a href=\"https:\/\/sajberinfo.com\/en\/2022\/04\/24\/botnet\/\" target=\"_blank\" rel=\"nofollow noopener\">botnet<\/a><\/em> is a sophisticated, multi-tier command-and-control (<em>C2<\/em>) infrastructure that primarily targets modems, routers, <em>IP<\/em> cameras, <em>NAS<\/em> devices and other <em>IoT<\/em> devices. This <em>botnet<\/em>, linked to the state-sponsored hackers known as <em>Flax<\/em> <em>Typhoon<\/em>, was found to have controlled more than 1.2 million compromised devices worldwide, approximately 385,000 of them in the United States alone.<\/span><\/p>\n<div id=\"attachment_7292\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-7292\" class=\"size-full wp-image-7292\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/10\/Raptor-Train-Botnet.jpg\" alt=\"Raptor Train\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/10\/Raptor-Train-Botnet.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/10\/Raptor-Train-Botnet-300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/10\/Raptor-Train-Botnet-150x150.jpg 150w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/10\/Raptor-Train-Botnet-768x768.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/10\/Raptor-Train-Botnet-12x12.jpg 12w, 
https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/10\/Raptor-Train-Botnet-80x80.jpg 80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2024\/10\/Raptor-Train-Botnet-320x320.jpg 320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-7292\" class=\"wp-caption-text\"><em>Raptor Train botnet infected 1.2 million devices; Source: Bing Image Creator<\/em><\/p><\/div>\n\n<h2><span class=\"ez-toc-section\" id=\"RAPTOR_TRAIN_BOTNET\"><\/span><strong><em>RAPTOR TRAIN<\/em> <em>BOTNET<\/em><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">This threat was <a href=\"https:\/\/blog.lumen.com\/derailing-the-raptor-train\/\" target=\"_blank\" rel=\"noopener\">discovered by security researchers at <em>Lumen Technologies<\/em><\/a> in mid-2023 and documented <a href=\"https:\/\/assets.lumen.com\/is\/content\/Lumen\/raptor-train-handbook-copy?Creativeid=17b819e2-06d1-4f29-a43f-a4e01b4a4fba\" target=\"_blank\" rel=\"noopener\">in their report<\/a> published at the end of September 2024. <a href=\"https:\/\/sajberinfo.com\/en\/2022\/02\/27\/hakeri-eticki-hakeri-epizoda-2\/\" target=\"_blank\" rel=\"nofollow noopener\">Security researchers<\/a> identified and extensively studied the <em>Raptor Train<\/em> <em>botnet<\/em>, which represents a serious cyber threat linked to state-sponsored hackers. This sophisticated network, tied to the <em>Flax<\/em> <em>Typhoon<\/em> group through <em>Integrity Technology Group<\/em> (<em>Integrity<\/em> <em>Tech<\/em>) in China, is known for its extensive control over compromised devices worldwide.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The <em>botnet<\/em> architecture is designed to handle multiple command-and-control <em>(C2)<\/em> servers, with tens of thousands of active <em>Tier 1<\/em> devices when engaged in campaigns. 
These devices include various types of modems, routers, <em>IP<\/em> cameras, network-attached storage (<em>NAS<\/em>) and other Internet of Things (<em>IoT<\/em>) devices from manufacturers such as <em>ActionTec PK5000<\/em>, <em>ASUS<\/em>, <em>TP-LINK<\/em>, <em>DrayTek Vigor<\/em>, <em>Hikvision<\/em>, <em>QNAP<\/em> and <em>Synology<\/em>, among others.<\/span><\/p>\n<p>&nbsp;<\/p>\n<blockquote><p><span style=\"font-size: 14pt;\">\u201c<em>Flax<\/em> <em>Typhoon<\/em> targeted critical infrastructure across the US and overseas, everything from corporations and media organizations to universities and government agencies. Like <a href=\"https:\/\/sajberinfo.com\/en\/2024\/02\/19\/volt-typhoon-u-kriticnim-sistemima\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>Volt<\/em> <em>Typhoon<\/em><\/a>, they used Internet-connected devices, this time hundreds of thousands of them, to create a botnet that helped them compromise systems and exfiltrate confidential data. <em>Flax<\/em> <em>Typhoon<\/em>'s actions caused real harm to its victims, who had to devote precious time to clean up the mess.\u201d<\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\">&#8211; <a href=\"https:\/\/www.youtube.com\/watch?v=mmVUVp3iJ8o\" target=\"_blank\" rel=\"noopener\"><em>FBI Director Christopher Wray, Aspen Cyber Summit<\/em><\/a> &#8211;<\/span><\/p>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Statistika_inficiranih_uredaja\"><\/span><strong>Statistics on infected devices<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">With an architecture that can handle more than 60 <em>C2<\/em> servers and the bots they manage, <em>Raptor Train<\/em> typically has tens of thousands of active <em>Tier 1<\/em> devices when engaged in campaigns. 
This tier consists of compromised <em>SOHO<\/em> and <em>IoT<\/em> devices, including modems, routers, <em>IP<\/em> cameras, <em>NVR\/DVR<\/em> devices and <em>NAS<\/em> devices. This includes, but is not necessarily limited to, the following:<\/span><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\">Modems\/Routers:<\/span>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>ActionTec PK5000<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>ASUS RT-*\/GT-*\/ZenWifi <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>TP-LINK <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>DrayTek Vigor <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Tenda Wireless <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Ruijie <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Zyxel USG* <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Ruckus Wireless <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>VNPT iGate<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Mikrotik<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>TOTOLINK<\/em><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>IP<\/em> cameras:<\/span>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>D-LINK DCS-* <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Hikvision <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Mobotix <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>NUUO <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>AXIS <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Panasonic <\/em><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>NVR\/DVR<\/em> devices:<\/span>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>Shenzhen TVT NVRs\/DVRs 
<\/em><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>NAS<\/em> devices:<\/span>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>QNAP (TS Series) <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Fujitsu <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Synology <\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Zyxel <\/em><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">More than half of the devices infected by <em>Raptor Train<\/em> were located in North America, and another 25 percent in Europe:<\/span><\/p>\n<table style=\"border-style: solid; width: 100%; border-color: #000000; height: 196px;\" width=\"100%\">\n<tbody>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\"><strong>Continent<\/strong><\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\"><strong>Number of nodes<\/strong><\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\"><strong>Percentage<\/strong><\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">North America<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">135,300<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">51.3%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span 
style=\"font-size: 14pt;\">Europe<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">65,600<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">24.9%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Asia<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">50,400<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">19.1%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Africa<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">9,200<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">3.5%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Oceania<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">2,400<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">0.9%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">South 
America<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">800<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">0.3%<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\"><em>Raptor Train<\/em> concentration by country:<\/span><\/p>\n<table style=\"height: 560px; width: 100%; border-style: solid; border-color: #000000;\" width=\"100%\">\n<tbody>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\"><strong>Country<\/strong><\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\"><strong>Number of nodes<\/strong><\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\"><strong>Percentage<\/strong><\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">United States<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">126,000<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">47.9%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Vietnam<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">21,100<\/span><\/td>\n<td 
style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">8.0%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Germany<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">18,900<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">7.2%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Romania<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">9,600<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">3.7%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Hong Kong<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">9,400<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">3.6%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Canada<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">9,200<\/span><\/td>\n<td style=\"border-style: solid; 
border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">3.5%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">South Africa<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">9,000<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">3.4%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">United Kingdom<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">8,500<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">3.2%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">India<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">5,800<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">2.2%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">France<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">5,600<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; 
height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">2.1%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Bangladesh<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">4,100<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">1.6%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Italy<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">4,000<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">1.5%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Lithuania<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">3,300<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">1.3%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Albania<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">2,800<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" 
width=\"236\"><span style=\"font-size: 14pt;\">1.1%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Netherlands<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">2,700<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">1.0%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">China<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">2,600<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">1.0%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Australia<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">2,400<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">0.9%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Poland<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">2,100<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 
14pt;\">0.8%<\/span><\/td>\n<\/tr>\n<tr style=\"border-style: solid; border-color: #000000;\">\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">Spain<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">2,000<\/span><\/td>\n<td style=\"border-style: solid; border-color: #000000; height: 28px;\" width=\"236\"><span style=\"font-size: 14pt;\">0.8%<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3><span class=\"ez-toc-section\" id=\"Funkcionisanje\"><\/span><strong>How it works<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\"><em>Raptor Train<\/em> operators are known to use <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/11\/zero-day\/\" target=\"_blank\" rel=\"nofollow noopener\">zero-day<\/a> and <em>n-day<\/em> vulnerabilities against more than 20 different device types to enroll them as <em>Tier 1<\/em> nodes. Once compromised, these devices remain in the <em>botnet<\/em> for about 17 days before being replaced with new ones. The <em>Raptor Train<\/em> network is divided into several tiers: <em>Tier 1<\/em> consists of compromised <em>SOHO<\/em> and <em>IoT<\/em> devices; <em>Tier 2<\/em> contains exploitation servers, payload servers, <em>C2<\/em> servers and management nodes; while <em>Tier 3<\/em> includes <em>upstream<\/em> management servers.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>Raptor Train<\/em> operators use a complex setup with a centralized <em>Node.js<\/em> backend and a cross-platform application called \u201c<em>Sparrow<\/em>\u201d. 
This setup supports functions such as remote command execution, file transfer, vulnerability management and <a href=\"https:\/\/sajberinfo.com\/en\/2022\/04\/25\/ddos\/\" target=\"_blank\" rel=\"nofollow noopener\">distributed denial-of-service<\/a> (<em>DDoS<\/em>) capabilities, although no observed distributed denial-of-service (<em>DDoS<\/em>) attacks have been reported so far.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">To better conceal the zero-day vulnerabilities used in these attacks, the operators distinguish between first-stage and second-stage <a href=\"https:\/\/sajberinfo.com\/en\/2023\/04\/11\/payload\/\" target=\"_blank\" rel=\"nofollow noopener\">payload<\/a> servers. The former delivers a more generic payload, while the latter engages in targeted attacks on specific device types. This strategy may be part of an effort to hide the exploited vulnerabilities.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>Raptor Train<\/em> operators use various anti-forensics techniques to make detection and analysis harder. These include obfuscating the names of running processes, compromising devices through a multi-stage infection chain, killing remote-management processes, and ensuring that their payload has no persistence mechanisms. This makes it a challenge for security researchers and law enforcement agencies to track the <em>botnet<\/em>'s activity effectively.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Raptor_Train_demontaza\"><\/span><strong><em>Raptor Train<\/em> takedown<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">In an unprecedented cybersecurity operation, the Federal Bureau of Investigation (<em>FBI<\/em>) successfully dismantled the <em>Raptor Train botnet<\/em>. 
The <em>FBI<\/em> takedown operation involved seizing the attackers' infrastructure in order to issue commands disabling the <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/malware\/\" target=\"_blank\" rel=\"nofollow noopener\">malware<\/a> on infected devices. However, the <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">threat actors<\/a> tried to interfere with the remediation effort by launching a <em>DDoS<\/em> attack targeting the servers the <em>FBI<\/em> was using to carry out the court order. Despite these unsuccessful efforts, the <em>FBI<\/em> managed to carry out its operation effectively.<\/span><\/p>\n<p>&nbsp;<\/p>\n<blockquote><p><span style=\"font-size: 14pt;\"><em>\u201cThis botnet has targeted entities in the US and Taiwan across various sectors, including the military, government, higher education, telecommunications, the defense industrial base and IT. The investigation has provided insight into the botnet's network architecture, exploitation campaigns, malware components and operational use, shedding light on the evolving tactics and techniques used by threat actors. 
The main concern regarding the Raptor Train botnet is the DDoS capability, which we have not yet observed being actively deployed, but which we suspect is being maintained for future use.\u201d<\/em><\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\"><em>&#8211; Lumen Technologies report &#8211;<\/em><\/span><\/p>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">The <em>FBI<\/em> takedown of the <em>Raptor Train botnet<\/em> marks a significant milestone in global <a href=\"https:\/\/sajberinfo.com\/en\/2018\/12\/23\/sajber-bezbjednost\/\" target=\"_blank\" rel=\"nofollow noopener\">cybersecurity<\/a> efforts against state-sponsored hacking. The operation underscores the importance of international cooperation and vigilance in fighting sophisticated threats that could potentially disrupt critical infrastructure and national security.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"FLAX_TYPHOON\"><\/span><strong><em>FLAX TYPHOON<\/em><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\"><em>Flax Typhoon<\/em> is an <a href=\"https:\/\/sajberinfo.com\/en\/2020\/12\/08\/apt-sponzorisani-napadi\/\" target=\"_blank\" rel=\"nofollow noopener\">advanced persistent threat<\/a> (<em>APT<\/em>) with strong ties to the Chinese government. The group is also known as <em>Ethereal<\/em> <em>Panda, RedJuliett<\/em> and <em>Storm-0919<\/em>. 
This group primarily targets organizations in Taiwan and specializes in espionage campaigns, focusing on obtaining persistent access to networks with minimal use of malware over extended periods of time.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The <em>Flax Typhoon APT<\/em> group's modus operandi involves exploiting vulnerabilities in public-facing servers and using <a href=\"https:\/\/sajberinfo.com\/en\/2024\/03\/18\/living-off-the-land-lotl\/\" target=\"_blank\" rel=\"nofollow noopener\">Living off the Land<\/a> (<em>LotL<\/em>) techniques to blend in unnoticed with the target environment. By using tools built into operating systems and legitimate software, <em>Flax Typhoon<\/em> manages to remain undetected for extended periods, which makes it a serious adversary.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">One of their preferred methods is setting up a <a href=\"https:\/\/sajberinfo.com\/en\/2021\/10\/17\/vpn-sigurno-mrezno-povezivanje\/\" target=\"_blank\" rel=\"nofollow noopener\">virtual private network<\/a> (<em>VPN<\/em>) to maintain persistence inside compromised networks. This allows the threat actor to <a href=\"https:\/\/sajberinfo.com\/en\/2023\/11\/09\/lateral-movement\/\" target=\"_blank\" rel=\"nofollow noopener\">move laterally<\/a> through different systems and gain access to sensitive data without raising suspicion. 
Among the various tools and techniques that <em>Flax Typhoon APT<\/em> uses are the <em>China Chopper Web shell<\/em>, <em>Metasploit<\/em>, <em>Juicy<\/em> <em>Potato<\/em> for privilege escalation, <em>Mimikatz<\/em> and the <em>SoftEther<\/em> <em>VPN<\/em> client.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Understanding the tactics, techniques and procedures used by the <em>Flax Typhoon APT<\/em> group is key for organizations to protect their networks from such advanced threats.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZAKLJUCAK\"><\/span><strong>CONCLUSION<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The discovery and investigation of the <em>Raptor Train<\/em> <em>botnet<\/em> have shed light on a significant cyber threat that poses numerous risks and challenges.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">First, the scale of compromised devices associated with the <em>Raptor Train<\/em> <em>botnet<\/em> is alarming. With over 1.2 million records of infected devices in June of this year alone, it highlights the vulnerability of <em>SOHO<\/em>\/<em>IoT<\/em> devices to cyber threats. These devices are often overlooked when it comes to security measures because of their perceived insignificance compared with more critical systems. However, as the <em>Raptor Train<\/em> <em>botnet<\/em> has shown, even seemingly harmless devices can be exploited en masse for malicious purposes.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Second, the link between the <em>Raptor Train<\/em> <em>botnet<\/em> and state-sponsored hackers such as <em>Flax<\/em> <em>Typhoon<\/em> raises concerns about nation-state cyber espionage and sabotage activities. 
The use of zero-day vulnerabilities in these attacks suggests that sophisticated tools are being developed for targeted campaigns against specific countries or industries.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Finally, the anti-forensic techniques used by the <em>Raptor Train<\/em> operators make it challenging to detect and effectively mitigate their activities. This underscores the need for improved cybersecurity measures, including better sharing of threat intelligence between organizations and governments, as well as stronger incident response capabilities. As <em>Raptor Train<\/em> continues to grow in size and scope, it is crucial that cybersecurity professionals remain vigilant and proactive in identifying and neutralizing this threat in order to protect critical infrastructure from potential device compromise.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ZASTITA\"><\/span><strong>PROTECTION<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">To protect themselves from the <em>Raptor Train<\/em> <em>botnet<\/em> threat, users and organizations can apply the following recommendations:<\/span><\/p>\n<ol>\n<li><span style=\"font-size: 14pt;\">Regularly update the software on all devices with the latest patches to prevent threat actors from exploiting known vulnerabilities. This includes routers, modems, <em>IP<\/em> cameras and <em>NAS<\/em> devices,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Make sure that the <a href=\"https:\/\/sajberinfo.com\/en\/2019\/02\/24\/lozinka-password-sifra\/\" target=\"_blank\" rel=\"nofollow noopener\">passwords<\/a> for the devices covered by this attack are complex and unique, which makes it harder for threat actors to gain unauthorized access. 
Consider using a password manager to make it easier to manage multiple strong passwords,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Enable two-factor authentication (<em>2FA<\/em>) wherever possible, as this adds another layer of security by requiring an additional form of verification beyond the password,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Divide the network into smaller segments to limit the spread of a potential infection. This can help contain any compromise and make it easier to detect and respond to,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Properly configure firewalls on routers and other devices to block unnecessary inbound traffic, especially from unknown sources,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Implement intrusion detection systems (<em>IDS<\/em>) and\/or intrusion prevention systems (<em>IPS<\/em>) to monitor network traffic for suspicious activity and automatically respond to potential threats,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Regularly review network logs for unusual or suspicious activity, such as large volumes of outbound traffic or connections to known malicious domains,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Develop and enforce a comprehensive security policy that covers all devices, including those at the network perimeter as well as <em>IoT<\/em> devices. 
This should include guidelines for password management, software updates and acceptable use of company resources,<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Stay informed about new threats such as the <em>Raptor Train<\/em> <em>botnet<\/em> by subscribing to threat intelligence services. This can help you stay ahead of potential attacks and respond more effectively when they occur. In addition, collaborate with other organizations and information-sharing groups to share insights and best practices for defending against these kinds of threats.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-size: 14pt;\">Finally, it is important to note that the operators of the <em>Raptor Train<\/em> <em>botnet<\/em> are known to exploit both zero-day and n-day vulnerabilities on various devices. A proactive approach to security is therefore essential, because relying solely on patches after an incident can leave the network vulnerable. Regularly review and update your security measures to maintain protection against evolving threats such as <em>Raptor Train<\/em>.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>The Raptor Train botnet is a sophisticated, multi-tier command and control (C2) infrastructure that primarily targets modems, routers, IP cameras, NAS devices and other IoT devices. 
It has been determined that this botnet, linked to hackers who&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":7292,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[2236,1237,2238,2234,2235,2239,484,2241,2240,2232,2242,368,2233,2237,385],"class_list":["post-7288","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-botnet-control","tag-ddos-attacks","tag-draytek-vigor","tag-flax-typhoon","tag-infected-devices","tag-ip-cameras","tag-mikrotik","tag-modems","tag-nas-devices","tag-raptor-train-botnet","tag-routers","tag-ruckus","tag-state-sponsored-hackers","tag-tp-link","tag-zyxel"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/7288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=7288"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/7288\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/7292"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=7288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=7288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=7288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}