Entry: Zombie Zero
Definition

  1. Detailed data on the attack

  2. Detection

  3. References


Zombie Zero[1] is an attack vector where a cyber attacker utilized malware that was clandestinely embedded in new barcode readers which were manufactured overseas.

It remains unknown whether this attack was carried out by organized crime or a nation state. Clearly, significant planning and investment went into designing the malware and then embedding it in the hardware of the barcode scanner. Internet of things (IoT) devices may similarly come preinstalled with malware that can capture network passwords and then open a backdoor to attackers. Given the high volume of these devices manufactured overseas, great caution should be exercised before placing them on corporate or government networks.

Detailed data on the attack

A malware-embedded scanner was installed on a wireless network. An attack against the internal network was then initiated automatically using the Server Message Block (SMB) protocol.

The stolen data, which was scanned, included every piece of information about the item, destination address, source and more. It was sent clandestinely over a command and control connection back to a botnet in China. This botnet connected to the Lanxiang Vocational School located in the China Unicom network for Shandong province. This school in China has been connected to previous attacks, including Google and the Operation Aurora attack. The manufacturer of the scanner was located just a few blocks away from the school.

The botnet then downloaded a second payload that broadened the command and control, which now extended to the target company's corporate servers in finance. The attackers were looking for logistics data on all shipping on a worldwide basis, and they succeeded in obtaining detailed financial data on all customers and shipments.

Detection

Zombie Zero can be detected using deception technology.[2][3][4][5][6][7]
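The behaviour described above (a scanner on the wireless network initiating SMB traffic toward internal hosts and connecting out to a command and control server) can also be screened for in network flow data, with deception hosts as the highest-confidence signal. The following is an added example, not code from the cited reports; the subnets, decoy address, allowlist, flow format and sample records are all constructed assumptions.

```python
import ipaddress

# Assumptions (constructed for illustration, not taken from the incident reports):
SCANNER_NET = ipaddress.ip_network("10.20.30.0/24")    # wireless segment for barcode scanners
INTERNAL = ipaddress.ip_network("10.0.0.0/8")          # corporate address space
DECOYS = {ipaddress.ip_address("10.1.5.250")}          # deception hosts no real client uses
ALLOWED = {(ipaddress.ip_address("10.1.5.10"), 8443)}  # inventory service scanners report to
SMB_PORTS = {139, 445}

# Constructed flow records, one per line: "src dst dst_port"
SAMPLE_FLOWS = """\
10.20.30.11 10.1.5.10 8443
10.20.30.12 10.1.5.21 445
10.20.30.12 10.1.5.250 445
10.20.30.12 203.0.113.77 443
10.1.7.40 10.1.5.21 445
"""

def classify(src, dst, port):
    """Return an alert reason for one flow, or None if the flow is expected."""
    if src not in SCANNER_NET:
        return None                     # only scanner-originated traffic is in scope
    if dst in DECOYS:
        return "decoy-contact"          # deception hit: nothing legitimate talks to a decoy
    if port in SMB_PORTS:
        return "scanner-initiated-smb"  # assumed: scanners never act as SMB clients
    if dst not in INTERNAL:
        return "external-destination"   # possible command and control or exfiltration
    if (dst, port) not in ALLOWED:
        return "unexpected-internal"
    return None

def find_alerts(text):
    """Parse flow records and return (src, dst, port, reason) for each alert."""
    alerts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                    # skip malformed records
        src, dst = (ipaddress.ip_address(p) for p in parts[:2])
        reason = classify(src, dst, int(parts[2]))
        if reason:
            alerts.append((str(src), str(dst), int(parts[2]), reason))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS):
        print(alert)
```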

References

1. "How a Scanner Infected Corporate Systems and Stole Data: Beware Trojan Peripherals". Forbes.com. https://www.forbes.com/sites/kurtmarko/2014/07/10/trojan-hardware-spreads-apts/#385faa243428 (accessed 2016-09-09).
2. Antone Gonsalves. "Shipping companies' computers compromised by malware-infected Chinese scanners". CSO Online, 2014-07-10. http://www.csoonline.com/article/2452986/data-protection/shipping-companies-computers-compromised-by-malware-infected-chinese-scanners.html (accessed 2016-09-09).
3. "Chinese Hackers Target Logistics & Shipping Firms With Poisoned Inventory Scanners". Darkreading.com. http://www.darkreading.com/attacks-breaches/chinese-hackers-target-logistics-and-shipping-firms-with-poisoned-inventory-scanners/d/d-id/1297182 (accessed 2016-09-09).
4. Lucian Constantin. "Malware hidden in Chinese inventory scanners targeted logistics, shipping firms". Network World, 2014-07-10. http://www.networkworld.com/article/2453101/malware-hidden-in-chinese-inventory-scanners-targeted-logistics-shipping-firms.html (accessed 2016-09-09).
5. Priya Anand. "Hackers know who is shipping what, and to where". MarketWatch, 2014-07-10. http://www.marketwatch.com/story/how-hackers-are-infecting-shipping-scanners-2014-07-10 (accessed 2016-09-09).
6. "How a Scanner Infected Corporate Systems and Stole Data: Beware Trojan Peripherals". Forbes.com. https://www.forbes.com/sites/kurtmarko/2014/07/10/trojan-hardware-spreads-apts/#5b1818334342 (accessed 2016-09-09).
7. "Hacker Traps: Fake Computers Used as Bait in Hunt for Cyber Criminals". Sputniknews.com. https://sputniknews.com/us/20150102/1013412983.html (accessed 2016-09-09).
