{"id":1126162,"date":"2024-01-31T07:26:27","date_gmt":"2024-01-31T09:26:27","guid":{"rendered":"https:\/\/teknomers.com\/fr\/des-pirates-chinois-exploitent-les-failles-du-vpn-pour-deployer-le-logiciel-malveillant-krustyloader\/"},"modified":"2024-01-31T07:26:31","modified_gmt":"2024-01-31T09:26:31","slug":"des-pirates-chinois-exploitent-les-failles-du-vpn-pour-deployer-le-logiciel-malveillant-krustyloader","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/des-pirates-chinois-exploitent-les-failles-du-vpn-pour-deployer-le-logiciel-malveillant-krustyloader\/","title":{"rendered":"Chinese Hackers Exploit VPN Flaws to Deploy KrustyLoader Malware"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><span class=\"author\">31 January 2024<\/span><span class=\"author\">Editorial staff<\/span><\/span><span class=\"p-tags\">Cyberattack\/Network Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>Two recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) appliances have been exploited to deliver a Rust-based payload called <strong>KrustyLoader<\/strong>, which is used to drop the open-source adversary simulation tool Sliver.<\/p>\n<p>The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), can be chained together to achieve unauthenticated remote code execution on vulnerable appliances.<\/p>\n<p>As of January 26, <a rel=\"nofollow noopener\" href=\"https:\/\/forums.ivanti.com\/s\/article\/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US\" target=\"_blank\">patches for the two flaws<\/a> had been delayed, although the software vendor had released a temporary mitigation in the form of an XML file.<\/p>\n<p>Volexity, which was the first to bring the flaws to light, said they had been weaponized as zero-days since December 3, 2023, by a Chinese nation-state threat actor it tracks as UTA0178. Google-owned Mandiant has assigned the group the moniker UNC5221.<\/p>\n<p>Following public disclosure earlier this month, the vulnerabilities have <a rel=\"nofollow noopener\" href=\"https:\/\/www.volexity.com\/blog\/2024\/01\/18\/ivanti-connect-secure-vpn-exploitation-new-observations\/\" target=\"_blank\">come under broad exploitation<\/a> by other adversaries to drop XMRig cryptocurrency miners as well as Rust-based malware.<\/p>\n<p>Synacktiv&#8217;s <a rel=\"nofollow noopener\" href=\"https:\/\/www.synacktiv.com\/publications\/krustyloader-rust-malware-linked-to-ivanti-connectsecure-compromises\" target=\"_blank\">analysis<\/a> of the Rust malware, codenamed KrustyLoader, found that it functions as a loader that downloads Sliver from a remote server and executes it on the compromised host.<\/p>\n<table cellpadding=\"0\" cellspacing=\"0\" class=\"tr-caption-container\" style=\"float: left;\">\n<tbody>\n<tr>\n<td style=\"text-align: center;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/1706693186_970_Des-pirates-chinois-exploitent-les-failles-du-VPN-pour-deployer.jpg\" style=\"clear: left; display: block; margin-left: auto; margin-right: auto; text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/1706693186_970_Des-pirates-chinois-exploitent-les-failles-du-VPN-pour-deployer.jpg\" alt=\"Recorded Future\" border=\"0\" data-original-height=\"380\" data-original-width=\"728\" title=\"Recorded Future\"\/><\/a><\/td>\n<\/tr>\n<tr>\n<td class=\"tr-caption\" style=\"text-align: center;\">Image credit: Recorded Future<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Sliver, developed by the cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation framework that has emerged as an attractive option for threat actors compared with other well-known alternatives such as Cobalt Strike.<\/p>\n<p>That said, Cobalt Strike remained the most frequently observed offensive security tool across attacker-controlled infrastructure in 2023, followed by Viper and Meterpreter, according to a report published by Recorded Future earlier this month.<\/p>\n<p>&#8220;Havoc and Mythic have also become relatively popular but are still observed in far lower numbers than Cobalt Strike, Meterpreter, or Viper,&#8221; the company <a rel=\"nofollow noopener\" href=\"https:\/\/www.recordedfuture.com\/2023-adversary-infrastructure-report\" target=\"_blank\">said<\/a>. &#8220;Four other well-known frameworks are Sliver, Havoc, Brute Ratel (BRc4), and Mythic.&#8221;<\/p>\n<\/div>\n<p>Source: <a href=\"https:\/\/thehackernews.com\/2024\/01\/chinese-hackers-exploiting-critical-vpn.html\" rel=\"nofollow noopener\" target=\"_blank\">thehackernews.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>31 January 2024 Editorial staff Cyberattack\/Network Security Two recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) appliances have been exploited to deliver a Rust-based payload called KrustyLoader, which is used to drop the open-source adversary simulation tool Sliver. The security vulnerabilities, tracked as CVE-2023-46805 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1126163,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,5663,4168,4165,4161,200267,9886,133,8736,4806,227358,4159,4171,65,6816,200271,7733,200268,200269,200270,4394,185,128318,4172,4169,4166,27977,4164],"class_list":["post-1126162","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-chinois","tag-comment-pirater","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-deployer","tag-des","tag-exploitent","tag-failles","tag-krustyloader","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel","tag-logiciel-malveillant-rancongiciel","tag-malveillant","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-pirates","tag-pour","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vpn","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1126162","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1126162"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1126162\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1126163"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1126162"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1126162"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1126162"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}