Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

mardi 27 juin 2017

Petya-Like Malware Campaign (CERT-EU Security Advisory 2017-014)

A large malware campaign broke out on Tuesday, 27/06/2017 and was widely reported in the news. The malware used -- which appears to be similar to Petya -- has been augmented with efficient local network spreading mechanisms, which resulted in a very rapid infection rate inside affected organizations. The local propagation is apparently achieved by a combination of the use of EternalBlue (the same exploit as the one used by WannaCry earlier), EternalRomance, and WMIC/psexec propagation vector using credentials harvested with a code similar to Mimikatz. First analysis points to at least one likely infection vector being associated with software update systems for a Ukrainian tax accounting package called MeDoc. However, as among the impacted organizations there were those that did not use the software, it is likely that other infection vectors are also used.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 192

x

Événements SSI