{"id":1105130,"date":"2024-01-17T10:35:24","date_gmt":"2024-01-17T12:35:24","guid":{"rendered":"https:\/\/teknomers.com\/fr\/le-gouvernement-federal-met-en-garde-contre-le-botnet-androxgh0st-ciblant-les-informations-didentification-aws-azure-et-office-365\/"},"modified":"2024-01-17T10:35:28","modified_gmt":"2024-01-17T12:35:28","slug":"le-gouvernement-federal-met-en-garde-contre-le-botnet-androxgh0st-ciblant-les-informations-didentification-aws-azure-et-office-365","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/le-gouvernement-federal-met-en-garde-contre-le-botnet-androxgh0st-ciblant-les-informations-didentification-aws-azure-et-office-365\/","title":{"rendered":"Federal government warns of AndroxGh0st botnet targeting AWS, Azure and Office 365 credentials"},
"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">January 17, 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Newsroom<\/span><\/span><span class=\"p-tags\">Botnet \/ Cloud Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/Le-gouvernement-federal-met-en-garde-contre-le-botnet-AndroxGh0st.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2024\/01\/16\/cisa-and-fbi-release-known-iocs-associated-androxgh0st-malware\" target=\"_blank\">warned<\/a> that threat actors deploying the <strong>AndroxGh0st<\/strong> malware are creating a botnet for &#8220;victim identification and exploitation in target networks.&#8221;<\/p>\n<p>A Python-based malware, <a rel=\"nofollow noopener\" href=\"https:\/\/fortiguard.fortinet.com\/threat-signal-report\/5066\/androxgh0st-malware-actively-used-in-the-wild\" target=\"_blank\">AndroxGh0st<\/a> was first documented by Lacework in December 2022, and it has inspired several similar tools such as AlienFox, GreenBot (aka Maintance), Legion, and Predator.<\/p>\n<p>The cloud attack tool is capable of infiltrating servers vulnerable to known security flaws in order to access Laravel environment files and steal credentials for high-profile applications such as Amazon Web Services (AWS), Microsoft Office 365, SendGrid, and Twilio.<\/p>\n<p>Some of the notable flaws used by the attackers include CVE-2017-9841 (PHPUnit), CVE-2021-41773 (Apache HTTP Server), and <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-15133\" target=\"_blank\">CVE-2018-15133<\/a> (Laravel Framework).<\/p>\n<p>&#8220;AndroxGh0st has multiple features to enable SMTP abuse, including scanning, exploitation of exposed credentials and APIs, and even deployment of web shells,&#8221; Lacework <a rel=\"nofollow noopener\" href=\"https:\/\/www.lacework.com\/blog\/androxghost-the-python-malware-exploiting-your-aws-keys\/\" target=\"_blank\">said<\/a>. &#8220;For AWS specifically, the malware scans for and parses AWS keys, but also has the ability to generate keys for brute-force attacks.&#8221;<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/1705494924_665_Le-gouvernement-federal-met-en-garde-contre-le-botnet-AndroxGh0st.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/1705494924_665_Le-gouvernement-federal-met-en-garde-contre-le-botnet-AndroxGh0st.jpg\" alt=\"AndroxGh0st Botnet\" border=\"0\" data-original-height=\"446\" data-original-width=\"728\" title=\"AndroxGh0st Botnet\"\/><\/a><\/div>\n<p>These features make AndroxGh0st a potent threat that can be used to download additional payloads and maintain persistent access to compromised systems.<\/p>\n<p>The development arrives less than a week after SentinelOne revealed a related but distinct tool called FBot, which attackers use to breach web servers, cloud services, content management systems (CMS), and SaaS platforms.<\/p>\n<p>It also follows an alert from NETSCOUT about a significant spike in botnet scanning activity since mid-November 2023, peaking at nearly 1.3 million distinct devices on January 5, 2024. The majority of the source IP addresses are associated with the United States, China, Vietnam, Taiwan, and Russia.<\/p>\n<p>&#8220;Analysis of the activity uncovered a rise in the use of cheap or free cloud and hosting servers that attackers are using to create botnet launch pads,&#8221; the company <a rel=\"nofollow noopener\" href=\"https:\/\/www.netscout.com\/blog\/asert\/unprecedented-growth-malicious-botnets-observed\" target=\"_blank\">said<\/a>. &#8220;These servers are used via trials, free accounts, or low-cost accounts, which provide anonymity and minimal maintenance.&#8221;<\/p>\n<\/div>\n<p><a href=\"https:\/\/thehackernews.com\/2024\/01\/feds-warn-of-androxgh0st-botnet.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p>January 17, 2024 Newsroom Botnet \/ Cloud Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned that threat actors deploying the AndroxGh0st malware are creating a botnet for &#8220;victim identification and exploitation in target networks.&#8221; A Python-based malware, AndroxGh0st was first documented [&hellip;]<\/p>\n","protected":false},
"author":1,"featured_media":1105131,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,224885,45034,21082,5464,4175,4168,841,4165,4161,200267,71695,6658,525,583,492,4159,4171,65,200271,4955,200268,200269,200270,4956,128318,4172,4169,4166,4164],"class_list":["post-1105130","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-androxgh0st","tag-aws","tag-azure","tag-botnet","tag-ciblant","tag-comment-pirater","tag-contre","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-didentification","tag-federal","tag-garde","tag-gouvernement","tag-informations","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-met","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-office","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1105130","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1105130"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1105130\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1105131"}],"wp:attach
ment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1105130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1105130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1105130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}