Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet.
工业工程师和操作员是一项新活动的目标,该活动利用密码破解软件夺取可编程逻辑控制器 (PLC) 的控制权,并将机器加入僵尸网络。
The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson said. "Further, the software was a malware dropper, infecting the machine with the Sality malware and turning the host into a peer in Sality's peer-to-peer botnet."
Dragos安全研究员 Sam Hanson说,该软件“利用了固件中的一个漏洞,使其能够根据命令检索密码。此外,该软件是一个恶意软件植入程序,用Sality恶意软件感染机器,并将主机变成 Sality僵尸网络中的对等节点。”
The industrial cybersecurity firm said the password retrieval exploit embedded in the malware dropper is designed to recover the credential associated with Automation Direct DirectLOGIC 06 PLC.
这家工业网络安全公司表示,嵌入在恶意软件释放器中的密码检索漏洞旨在恢复与 Automation Direct DirectLOGIC 06 PLC相关的凭证。
The exploit, tracked as CVE-2022-2003 (CVSS score: 7.7), has been described as a case of cleartext transmission of sensitive data that could lead to information disclosure and unauthorized changes. The issue was addressed in firmware Version 2.72 released last month.
该漏洞被跟踪为 CVE-2022-2003(CVSS 分数:7.7),被描述为敏感数据的明文传输案例,可能导致信息泄露和未经授权的更改。该问题已在上个月发布的固件版本 2.72 中得到解决。
The infections culminate in the deployment of the Sality malware for carrying out tasks such as cryptocurrency mining and password cracking in a distributed fashion, while also taking steps to remain undetected by terminating security software running in the compromised workstations.
感染的终极目的是部署Sality恶意软件,以分布式方式执行加密货币挖掘和密码破解等任务,同时还采取措施通过终止受感染工作站中运行的安全软件来保持不被发现。
What's more, the artifact unearthed by Dragos functions drops a crypto-clipper payload that steals cryptocurrency during a transaction by substituting the original wallet address saved in the clipboard with the attacker's wallet address.
更重要的是,Dragos功能挖掘出的工件丢弃了一个加密剪辑器有效负载,该有效负载通过将保存在剪贴板中的原始钱包地址替换为攻击者的钱包地址来窃取交易期间的加密货币。
Automation Direct is not the only vendor impacted as the tool claim to encompass several PLCs, HMIs, human-machine interface (HMI), and project files spanning Omron, Siemens, ABB Codesys, Delta Automation, Fuji Electric, Mitsubishi Electric, Schneider Electric's Pro-face, Vigor PLC, Weintek, Rockwell Automation's Allen-Bradley, Panasonic, Fatek, IDEC Corporation, and LG.
Automation Direct 不是唯一受影响的供应商,因为该工具声称包含多个 PLC、HMI、人机界面 ( HMI ) 和 Omron、Siemens、ABB Codesys、Delta Automation、富士电机、三菱电机、施耐德电气 Pro 的项目文件-face、Vigor PLC、Weintek、罗克韦尔自动化的 Allen-Bradley、松下、Fatek、IDEC Corporation 和 LG。
This is far from the first time trojanized software has singled out operational technology (OT) networks. In October 2021, Mandiant disclosed how legitimate portable executable binaries are being compromised by a variety of malware such as Sality, Virut, and Ramnit, among others.
这远非木马软件第一次单独挑中运营技术 (OT) 网络。2021 年 10 月,Mandiant披露了合法的可移植可执行二进制文件如何被 Sality、Virut 和 Ramnit 等各种恶意软件破坏。
甚爱必大费,多藏必厚亡。知足不辱,知止不殆,可以长久。
——《道德经.第四十四章》
本文翻译自:
https://thehackernews.com/2022/07/hackers-distributing-password-cracking.html
如若转载,请注明原文地址
翻译水平有限 :(
有歧义的地方,请以原文为准 :
