À®Ä¹Ãø¤·¤¤¥é¥ó¥µ¥à¥¦¥§¥¢RansomHub¤ÏKnight¤Î¸å·Ñ¡¢¤¿¤À¤·±¿±Ä¤ÏÊÌ¿Í
Symantec¤Ï¤³¤Î¤Û¤É¡¢¡ÖRansomHub: New Ransomware has Origins in Older Knight¡ÃSymantec Enterprise Blogs¡×¤Ë¤ª¤¤¤Æ¡¢À®Ä¹Ãø¤·¤¤¥é¥ó¥µ¥à¥¦¥§¥¢¡ÖRansomHub¡×¤Ï¥é¥ó¥µ¥à¥¦¥§¥¢¡ÖKnight¡×¤Î¸å·Ñ¤Î²ÄǽÀ¤¬Èó¾ï¤Ë¹â¤¤¤ÈÊ󤸤¿¡£¤¿¤À¤·¡¢¥é¥ó¥µ¥à¥¦¥§¥¢¤Î±¿±Ä¼Ô¤ÏÊ̿ͤβÄǽÀ¤¬¹â¤¤¤È»ØŦ¤·¤Æ¤¤¤ë¡£
¡û¥é¥ó¥µ¥à¥¦¥§¥¢¡ÖKnight¡×¤ÎÊĺ¿
¡ÖKnight¡×¤Ï2023ǯ5·î¤Ë½é¤á¤Æ¸ºß¤¬³Îǧ¤µ¤ì¤¿¥é¥ó¥µ¥à¥¦¥§¥¢¡£Windows¡¢Linux¡¢macOS¡¢VMware ESXi¡¢Android¤Ê¤ÉÉü¿ô¤Î¥×¥é¥Ã¥È¥Õ¥©¡¼¥à¤òɸŪ¤Ë¤¹¤ë¡£¥é¥ó¥µ¥à¥¦¥§¥¢¡¦¥¢¥º¡¦¥¢¡¦¥µ¡¼¥Ó¥¹(RaaS: Ransomware-as-a-Service)¤È¤·¤Æ¤â±¿±Ä¤µ¤ì¡¢Â¿¤¯¤Î¥µ¥¤¥Ð¡¼ÈȺá¼Ô¤ËÍøÍѤµ¤ì¤¿¤È¤ß¤é¤ì¤Æ¤¤¤ë¡£2024ǯ2·î¡¢Knight¤Î³«È¯¼Ô¤Ï±¿±Ä¤Î½ªÎ»¤ò·èÄꤷ¡¢¥½¡¼¥¹¥³¡¼¥É¤ò¥¢¥ó¥À¡¼¥°¥é¥¦¥ó¥É¥Õ¥©¡¼¥é¥à¤ÇÈÎÇ䤷¤¿¡£
¡û¥é¥ó¥µ¥à¥¦¥§¥¢¡ÖRansomHub¡×¤ÎÅоì
¥é¥ó¥µ¥à¥¦¥§¥¢¡ÖRansomHub¡×¤ÏKnight¤Î¥½¡¼¥¹¥³¡¼¥ÉÈÎÇä¤ÈƱ¤¸2024ǯ2·î¤Ë¸ºß¤¬³Îǧ¤µ¤ì¤¿¡£Symantec¤ÎʬÀϤˤè¤ë¤È¡¢¤É¤Á¤é¤âGo¸À¸ì¤Çµ½Ò¤µ¤ì¤Æ¤ª¤ê¡¢¶èÊ̤¬º¤Æñ¤Ê¤Û¤É¥³¡¼¥É¤Î½ÅÊ£¤¬Â¿¤¯³Îǧ¤Ç¤¤ë¤È¤¤¤¦¡£Â¾¤Ë¤â¿ÈÂå¶â¥á¥â¤ËÎà»÷ÅÀ¤¬Â¸ºß¤¹¤ë¤³¤È¤«¤é¡¢RansomHub¤ÏKnight¤Î¥½¡¼¥¹¥³¡¼¥É¤Ë½¤Àµ¤ò²Ã¤¨¤¿¤â¤Î¤È¿ä¬¤µ¤ì¤Æ¤¤¤ë¡£
Symantec¤ÎºÇ¶á¤ÎÄ´ºº¤Ç¤Ï¡¢RansomHub¤ò»ÈÍѤ¹¤ë¹¶·â¼Ô¤ÏMicrosoft¤ÎNetlogon¤ÎÀȼåÀ¡ÖCVE-2020-1472¡×¤ò°ÍѤ·¡¢½é´ü¥¢¥¯¥»¥¹¤ò¼èÆÀ¤·¤¿¤³¤È¤¬³Îǧ¤µ¤ì¤Æ¤¤¤ë¡£¤³¤Î¤È¤¡¢¹¶·â¼Ô¤Ï¥é¥ó¥µ¥à¥¦¥§¥¢¤òŸ³«¤¹¤ëÁ°¤Ë¡¢Splashtop¤ÈÅý¹ç¤·¤¿Atera¤Î¥ê¥â¡¼¥È´Æ»ë¤ª¤è¤Ó´ÉÍý(RMM: Remote Monitoring and Management)¥½¥Õ¥È¥¦¥§¥¢¤ÈNetScan¤ò»ÈÍѤ·¤¿¤È¤¤¤¦¡£
RansomHub¤ÏÀ®Ä¹Ãø¤·¤¯¡¢Åо줫¤é¤ï¤º¤«3¥«·î¤Ç4ÈÖÌܤ˹¶·â·ï¿ô¤Î¿¤¤¥é¥ó¥µ¥à¥¦¥§¥¢¤Ë̾¾è¤ê¤ò¾å¤²¤Æ¤¤¤ë¡£
¡û¥é¥ó¥µ¥à¥¦¥§¥¢¡ÖKnight¡×¤ÎÊĺ¿
¡ÖKnight¡×¤Ï2023ǯ5·î¤Ë½é¤á¤Æ¸ºß¤¬³Îǧ¤µ¤ì¤¿¥é¥ó¥µ¥à¥¦¥§¥¢¡£Windows¡¢Linux¡¢macOS¡¢VMware ESXi¡¢Android¤Ê¤ÉÉü¿ô¤Î¥×¥é¥Ã¥È¥Õ¥©¡¼¥à¤òɸŪ¤Ë¤¹¤ë¡£¥é¥ó¥µ¥à¥¦¥§¥¢¡¦¥¢¥º¡¦¥¢¡¦¥µ¡¼¥Ó¥¹(RaaS: Ransomware-as-a-Service)¤È¤·¤Æ¤â±¿±Ä¤µ¤ì¡¢Â¿¤¯¤Î¥µ¥¤¥Ð¡¼ÈȺá¼Ô¤ËÍøÍѤµ¤ì¤¿¤È¤ß¤é¤ì¤Æ¤¤¤ë¡£2024ǯ2·î¡¢Knight¤Î³«È¯¼Ô¤Ï±¿±Ä¤Î½ªÎ»¤ò·èÄꤷ¡¢¥½¡¼¥¹¥³¡¼¥É¤ò¥¢¥ó¥À¡¼¥°¥é¥¦¥ó¥É¥Õ¥©¡¼¥é¥à¤ÇÈÎÇ䤷¤¿¡£
¡û¥é¥ó¥µ¥à¥¦¥§¥¢¡ÖRansomHub¡×¤ÎÅоì
¥é¥ó¥µ¥à¥¦¥§¥¢¡ÖRansomHub¡×¤ÏKnight¤Î¥½¡¼¥¹¥³¡¼¥ÉÈÎÇä¤ÈƱ¤¸2024ǯ2·î¤Ë¸ºß¤¬³Îǧ¤µ¤ì¤¿¡£Symantec¤ÎʬÀϤˤè¤ë¤È¡¢¤É¤Á¤é¤âGo¸À¸ì¤Çµ½Ò¤µ¤ì¤Æ¤ª¤ê¡¢¶èÊ̤¬º¤Æñ¤Ê¤Û¤É¥³¡¼¥É¤Î½ÅÊ£¤¬Â¿¤¯³Îǧ¤Ç¤¤ë¤È¤¤¤¦¡£Â¾¤Ë¤â¿ÈÂå¶â¥á¥â¤ËÎà»÷ÅÀ¤¬Â¸ºß¤¹¤ë¤³¤È¤«¤é¡¢RansomHub¤ÏKnight¤Î¥½¡¼¥¹¥³¡¼¥É¤Ë½¤Àµ¤ò²Ã¤¨¤¿¤â¤Î¤È¿ä¬¤µ¤ì¤Æ¤¤¤ë¡£
Symantec¤ÎºÇ¶á¤ÎÄ´ºº¤Ç¤Ï¡¢RansomHub¤ò»ÈÍѤ¹¤ë¹¶·â¼Ô¤ÏMicrosoft¤ÎNetlogon¤ÎÀȼåÀ¡ÖCVE-2020-1472¡×¤ò°ÍѤ·¡¢½é´ü¥¢¥¯¥»¥¹¤ò¼èÆÀ¤·¤¿¤³¤È¤¬³Îǧ¤µ¤ì¤Æ¤¤¤ë¡£¤³¤Î¤È¤¡¢¹¶·â¼Ô¤Ï¥é¥ó¥µ¥à¥¦¥§¥¢¤òŸ³«¤¹¤ëÁ°¤Ë¡¢Splashtop¤ÈÅý¹ç¤·¤¿Atera¤Î¥ê¥â¡¼¥È´Æ»ë¤ª¤è¤Ó´ÉÍý(RMM: Remote Monitoring and Management)¥½¥Õ¥È¥¦¥§¥¢¤ÈNetScan¤ò»ÈÍѤ·¤¿¤È¤¤¤¦¡£
RansomHub¤ÏÀ®Ä¹Ãø¤·¤¯¡¢Åо줫¤é¤ï¤º¤«3¥«·î¤Ç4ÈÖÌܤ˹¶·â·ï¿ô¤Î¿¤¤¥é¥ó¥µ¥à¥¦¥§¥¢¤Ë̾¾è¤ê¤ò¾å¤²¤Æ¤¤¤ë¡£
