{"id":499122,"date":"2022-12-07T05:01:28","date_gmt":"2022-12-07T07:01:28","guid":{"rendered":"https:\/\/teknomers.com\/fr\/le-nouveau-botnet-zerobot-base-sur-go-exploite-une-douzaine-de-vulnerabilites-iot-pour-etendre-son-reseau\/"},"modified":"2022-12-07T05:01:29","modified_gmt":"2022-12-07T07:01:29","slug":"le-nouveau-botnet-zerobot-base-sur-go-exploite-une-douzaine-de-vulnerabilites-iot-pour-etendre-son-reseau","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/le-nouveau-botnet-zerobot-base-sur-go-exploite-une-douzaine-de-vulnerabilites-iot-pour-etendre-son-reseau\/","title":{"rendered":"Le nouveau botnet Zerobot bas\u00e9 sur Go exploite une douzaine de vuln\u00e9rabilit\u00e9s IoT pour \u00e9tendre son r\u00e9seau"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">07 d\u00e9cembre 2022<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Internet des Objets \/ Botnet<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Un nouveau botnet bas\u00e9 sur Go appel\u00e9 <strong>Z\u00e9robot<\/strong> a \u00e9t\u00e9 observ\u00e9 dans la nature prolif\u00e9rant en tirant parti de pr\u00e8s de deux douzaines de vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9 dans les appareils de l&#8217;Internet des objets (IoT) et d&#8217;autres logiciels.<\/p>\n<p>Le botnet &#8220;contient plusieurs modules, y compris l&#8217;auto-r\u00e9plication, les attaques pour diff\u00e9rents protocoles et l&#8217;auto-propagation&#8221;, a d\u00e9clar\u00e9 Cara Lin, chercheuse chez Fortinet FortiGuard Labs. <a rel=\"nofollow noopener\" href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities\" target=\"_blank\">a dit<\/a>.  &#8220;Il communique \u00e9galement avec son serveur de commande et de contr\u00f4le \u00e0 l&#8217;aide du protocole WebSocket.&#8221;<\/p>\n<p>La campagne, qui aurait commenc\u00e9 apr\u00e8s le 18 novembre 2022, cible principalement le syst\u00e8me d&#8217;exploitation Linux pour prendre le contr\u00f4le des appareils vuln\u00e9rables.<\/p>\n<div class=\"ad_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/uptycs-inside\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEjRFZ8qsBvgTY-k97x35shkWsLwy9nml2qvGAhoSUrgnOv4cjMNq_Fxt3PX1-fGsYvukFgecZk_tEq7yo25JhDC5-Vs1Y7zQbdJRNWI2oxxbGupTJLIJ0PYz_4_8B6uWYsPON_7MgJlvofZuiWyadFpo71DOfXvGZzq6ie6zFQwJuzi2macqFLGR30PbA\/s1600\/Uptycs-728.jpg\" width=\"728\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Zerobot tire son nom d&#8217;un script de propagation utilis\u00e9 pour r\u00e9cup\u00e9rer la charge utile malveillante apr\u00e8s avoir obtenu l&#8217;acc\u00e8s \u00e0 un h\u00f4te en fonction de sa mise en \u0153uvre de la microarchitecture (par exemple, &#8220;zero.arm64&#8221;).<\/p>\n<p>Le logiciel malveillant est con\u00e7u pour cibler un large \u00e9ventail d&#8217;architectures de processeur telles que i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64 et s390x.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"410\" data-original-width=\"728\" src=\"https:\/\/thehackernews.com\/new-images\/img\/b\/R29vZ2xl\/AVvXsEj8OqZFMIkRmcR_8DkePQDV4_W3UdNOJhvGm-EkmUWRra6-JmswlOiExEv9sWSgWFGYF3wgC70LKZ96wiEJ-i-rTBSebA_Iot2Ynhm0OTqBXawcQeA_Dtm-2ZJzDW87nI5vheqM3cRLmRB7C5fywQcORLz5xwE3awLBcxHjcKObJkhnOLeOluL68z4H\/s728-e100\/flaws.png\"\/><\/div>\n<p>Deux versions de Zerobot ont \u00e9t\u00e9 rep\u00e9r\u00e9es \u00e0 ce jour : une utilis\u00e9e avant le 24 novembre 2022, qui est livr\u00e9e avec des fonctions de base et une variante mise \u00e0 jour qui comprend un module d&#8217;auto-propagation pour violer d&#8217;autres terminaux \u00e0 l&#8217;aide de 21 exploits.<\/p>\n<p>Cela comprend les vuln\u00e9rabilit\u00e9s affectant les routeurs TOTOLINK, les pare-feu Zyxel, F5 BIG-IP, les cam\u00e9ras Hikvision, les cam\u00e9ras thermiques FLIR AX8, le NAS D-Link DNS-320 et Spring Framework, entre autres.<\/p>\n<p>Zerobot, lors de l&#8217;initialisation dans la machine compromise, \u00e9tablit un contact avec un serveur de commande et de contr\u00f4le (C2) distant et attend d&#8217;autres instructions qui lui permettent d&#8217;ex\u00e9cuter des commandes arbitraires et de lancer des attaques pour diff\u00e9rents protocoles r\u00e9seau tels que TCP, UDP, TLS, HTTP, et ICMP.<\/p>\n<p>&#8220;En tr\u00e8s peu de temps, il a \u00e9t\u00e9 mis \u00e0 jour avec l&#8217;obscurcissement des cha\u00eenes, un module de copie de fichiers et un module d&#8217;exploitation de propagation qui font[s] il est plus difficile \u00e0 d\u00e9tecter et lui donne une plus grande capacit\u00e9 \u00e0 infecter plus d&#8217;appareils \u00bb, a d\u00e9clar\u00e9 Lin.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/12\/new-go-based-zerobot-botnet-exploiting.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80207 d\u00e9cembre 2022\ue804Ravie LakshmananInternet des Objets \/ Botnet Un nouveau botnet bas\u00e9 sur Go appel\u00e9 Z\u00e9robot a \u00e9t\u00e9 observ\u00e9 dans la nature prolif\u00e9rant en tirant parti de pr\u00e8s de deux douzaines de vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9 dans les appareils de l&#8217;Internet des objets (IoT) et d&#8217;autres logiciels. Le botnet &#8220;contient plusieurs modules, y compris l&#8217;auto-r\u00e9plication, les [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":499123,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[3283,5464,4168,4158,4165,4161,30473,35425,7727,21708,4157,4159,4171,4170,4167,4160,680,4163,4162,185,4810,4172,4169,167,60,196,4166,4164,12365,130235],"class_list":["post-499122","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-base","tag-botnet","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-douzaine","tag-etendre","tag-exploite","tag-iot","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouveau","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pour","tag-reseau","tag-securite-informatique","tag-securite-internet","tag-son","tag-sur","tag-une","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-vulnerabilites","tag-zerobot"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/499122","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=499122"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/499122\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/499123"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=499122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=499122"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=499122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}