Cybersecurity researchers have warned about a Windows version of a wiper malware that was previously observed targeting Linux systems in cyber attacks aimed at Israel.
Dubbed BiBi-Windows Wiper by BlackBerry, the wiper is the Windows counterpart of BiBi-Linux Wiper, which has been put to use by a pro-Hamas hacktivist group in the wake of the Israel-Hamas war last month.
"The Windows variant [...] confirms that the threat actors who created the wiper are continuing to build out the malware, and indicates an expansion of the attack to target end user machines and application servers," the Canadian company said Friday.
A Slovak cybersecurity firm is tracking the actor behind the wiper under the name BiBiGun, noting that the Windows variant (bibi.exe) is designed to recursively overwrite data in the C:\Users directory with junk data and append .BiBi to the filename.
The BiBi-Windows Wiper artifact is said to have been compiled on October 21, 2023, two weeks after the onset of the war. The exact method by which it is distributed is currently unknown.
Besides corrupting all files with the exception of those with .exe, .dll, and .sys extensions, the wiper deletes shadow copies from the system, effectively preventing the victims from recovering their files.
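The file-level behaviour reported above (junk overwrite, a .BiBi suffix appended to the name, .exe/.dll/.sys left alone) as an added incident-triage example; this is not code from the page or from the vendors it cites. The entropy threshold, the sample directory tree and the use of random bytes to stand in for "junk data" are assumptions.

```python
import math
import os
import tempfile
from pathlib import Path

# Extensions the page reports the wiper leaves untouched.
SPARED_EXTENSIONS = {".exe", ".dll", ".sys"}
WIPED_SUFFIX = ".BiBi"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; random junk approaches 8.0, ordinary text stays well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_tree(root: str, sample_bytes: int = 4096, entropy_threshold: float = 7.0) -> dict:
    """Walk `root` and bucket files as wiped, spared-by-extension, or other."""
    result = {"wiped": [], "spared_untouched": [], "suspicious_spared": [], "other": []}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        head = path.read_bytes()[:sample_bytes]
        if path.name.endswith(WIPED_SUFFIX):
            # The original extension sits just before the appended .BiBi marker.
            original_ext = Path(path.name[: -len(WIPED_SUFFIX)]).suffix.lower()
            result["wiped"].append((str(path), original_ext, round(shannon_entropy(head), 2)))
        elif path.suffix.lower() in SPARED_EXTENSIONS:
            # A spared extension holding junk-like content would contradict the reported behaviour.
            bucket = "suspicious_spared" if shannon_entropy(head) > entropy_threshold else "spared_untouched"
            result[bucket].append(str(path))
        else:
            result["other"].append(str(path))
    return result


def build_sample_tree() -> str:
    """Constructed sample (assumption): one wiped document, one intact .dll, one untouched text file."""
    root = tempfile.mkdtemp(prefix="bibi-triage-")
    docs = Path(root, "Users", "alice", "Documents")
    docs.mkdir(parents=True)
    (docs / "report.docx.BiBi").write_bytes(os.urandom(4096))  # overwritten with junk, then renamed
    (docs / "helper.dll").write_bytes(b"MZ" + b"\x00" * 2046)  # spared extension, low entropy
    (docs / "notes.txt").write_text("quarterly notes\n" * 50)  # not touched
    return root
```

Running `triage_tree` over a real user profile turns the reported indicators into a count of affected files and flags any spared-extension file whose contents look overwritten anyway.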
Another notable similarity with its Linux variant is its multithreading capability.
"For the fastest possible destruction action, the malware runs 12 threads with eight processor cores," Dmitry Bestuzhev, senior director of cyber threat intelligence at BlackBerry, said.
It's not immediately clear if the wiper has been deployed in real-world attacks, and if so, who the targets are.
The development comes as Security Joes, which first documented BiBi-Linux Wiper, said the malware is part of a "larger campaign targeting Israeli companies with the deliberate intent to disrupt their day-to-day operations using data destruction."
The cybersecurity firm said it identified tactical overlaps between the hacktivist group, who call themselves Karma, and another geopolitically motivated actor codenamed Moses Staff (aka Cobalt Sapling), which is suspected to be of Iranian origin.
"Although the campaign has primarily centered around Israeli IT and government sectors up to this point, some of the participating groups, such as Moses Staff, have a history of simultaneously targeting organizations across various business sectors and geographical locations," Security Joes said.