iPhone¤ÎSafari¤ÈGoogle Chrome¤ÎÀȼåÀ¤Î¥µ¥¤¥Ð¡¼¹¶·â¤Ø¤Î°ÍѳÎǧ
Google¤Ï8·î29Æü(Êƹñ»þ´Ö)¡¢¡ÖState-backed attackers and commercial surveillance vendors repeatedly use the same exploits¡×¤Ë¤ª¤¤¤Æ¡¢iPhone¤ª¤è¤ÓiPad¤ÎSafari¤È¡¢Google Chrome¤Î½¤ÀµºÑ¤ß¤ÎÀȼåÀ¤ò°ÍѤ¹¤ë¥µ¥¤¥Ð¡¼¹¶·â¤Î¥¥ã¥ó¥Ú¡¼¥ó¤ò³Îǧ¤·¤¿¤ÈÊ󤸤¿¡£¤³¤Î¥¥ã¥ó¥Ú¡¼¥ó¤Ç¤Ï¥â¥ó¥´¥ëÀ¯ÉܤÎWeb¥µ¥¤¥È¤¬¿¯³²¤µ¤ì¡¢¿å°û¤ß¾ì·¿¹¶·â¤Ë°ÍѤµ¤ì¤¿¤È¤¤¤¦¡£
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
¡û°ÍѤµ¤ì¤¿ÀȼåÀ¤Î³µÍ×
Google¤Î¶¼°ÒʬÀÏ¥°¥ë¡¼¥×(TAG: Threat Analysis Group)¤¬³Îǧ¤·¤¿¤³¤Î¥¥ã¥ó¥Ú¡¼¥ó¤Ï¡¢2023ǯ11·î¤«¤é2024ǯ7·î¤Þ¤Ç¤Î´ü´Ö¤Ë3Åټ¹Ԥµ¤ì¤¿¤³¤È¤¬³Îǧ¤µ¤ì¤Æ¤¤¤ë¡£¹¶·â¼Ô¤Ï¤½¤Î¤¹¤Ù¤Æ¤Î¹¶·â¤Ë¤ª¤¤¤Æ¡¢¥â¥ó¥´¥ëÀ¯ÉܤÎWeb¥µ¥¤¥È¤ò¿¯³²¤·¡¢¥¢¥¯¥»¥¹¤·¤¿¥æ¡¼¥¶¡¼¤ËÂФ·¥¨¥¯¥¹¥×¥í¥¤¥È¤òÇÛ¿®¤·¤¿¡£¤³¤Î¥¥ã¥ó¥Ú¡¼¥ó¤ÎÌÜŪ¤Ï¡¢Web¥Ö¥é¥¦¥¶¤ÎCookie¾ðÊó¤ÎÀà¼è¤È¤µ¤ì¤ë¡£
°ÍѤµ¤ì¤¿ÀȼåÀ¤ª¤è¤Ó¹¶·â¤Î³µÍפϼ¡¤Î¤È¤ª¤ê¡£
¡ûiPhone¥æ¡¼¥¶¡¼¤Ø¤Î¹¶·â
2023ǯ11·î¡¢iOS 16.6.1¤ª¤è¤Ó¤³¤ì°ÊÁ°¤Î¥Ð¡¼¥¸¥ç¥ó¤ò¼Â¹Ô¤·¤Æ¤¤¤ëiPhone¥æ¡¼¥¶¡¼¤ËÂФ·¡¢¡ÖCVE-2023-41993¡×¤ò°ÍѤ¹¤ë¥¨¥¯¥¹¥×¥í¥¤¥È¤¬ÇÛ¿®¤µ¤ì¤¿¡£ÇÛ¿®¸µWeb¥µ¥¤¥È¤Ï¡Öcabinet.gov[.]mn¡×¤ª¤è¤Ó¡Ömfa.gov[.]mn¡×¤È¤µ¤ì¤ë¡£
¤³¤Î¹¶·â¤Ç¤Ï¡¢ºÇ½ªÅª¤ËCookie¾ðÊó¤òÀà¼è¤¹¤ë¥Þ¥ë¥¦¥§¥¢¤¬Å¸³«¤µ¤ì¤¿¡£¤³¤Î¥Þ¥ë¥¦¥§¥¢¤Ï¼¡¤ÎWeb¥µ¥¤¥È¤ÎCookie¤À¤±¤òÀà¼è¤¹¤ë¡£
accounts.google[.]com
login.microsoftonline[.]com
mail.google[.]com/mail/mu/0
www.linkedin[.]com
linkedin[.]com
www.office[.]com
login.live[.]com
outlook.live[.]com
login.yahoo[.]com
mail.yahoo[.]com
facebook[.]com
github[.]com
icloud[.]com
¡û2ÅÙÌܤι¶·â
2024ǯ2·î¡¢¾åµ¤ÈƱ¤¸¹¶·â¤¬ºÆÅÙ·«¤êÊÖ¤µ¤ì¤¿¡£ÇÛ¿®¸µWeb¥µ¥¤¥È¤Ï¡Ömfa.gov[.]mn¡×¤Î¤ß¤È¤µ¤ì¤ë¡£¤³¤Î¤È¤ÇÛÉÛ¤µ¤ì¤¿¥Þ¥ë¥¦¥§¥¢¤Ï¾åµWeb¥µ¥¤¥È¤Ë²Ã¤¨¡¢¡Öwebmail.mfa.gov[.]mn/owa/auth¡×¤ÎCookie¤âÀà¼è¤¹¤ë¡£
¡ûGoogle Chrome¤Ø¤Î¹¶·â
2024ǯ7·î¡¢Google Chrome¥Ð¡¼¥¸¥ç¥ó121¡¢122¡¢123¤ò»ÈÍѤ¹¤ëAndroid¥æ¡¼¥¶¡¼¤ËÂФ·¡¢¡ÖCVE-2024-5274¡×¤ª¤è¤Ó¡ÖCVE-2024-4671¡×¤ò°ÍѤ¹¤ë¥¨¥¯¥¹¥×¥í¥¤¥È¤¬ÇÛ¿®¤µ¤ì¤¿¡£ÇÛ¿®¸µWeb¥µ¥¤¥È¤Ï¡Ömfa.gov[.]mn¡×¤Î¤ß¤È¤µ¤ì¤ë¡£
¤³¤Î¹¶·â¤Ç¤Ï¡¢ºÇ½ªÅª¤Ë¼¡¤Î¾ðÊó¤òÀà¼è¤¹¤ë¥Þ¥ë¥¦¥§¥¢¤¬Å¸³«¤µ¤ì¤¿¡£
¤¹¤Ù¤Æ¤ÎCookie
¥¯¥ì¥¸¥Ã¥È¥«¡¼¥É¾ðÊó¤ä¥¢¥«¥¦¥ó¥È´ØÏ¢¾ðÊó
Chrome¤ËÊݸ¤µ¤ì¤Æ¤¤¤ë¥Ñ¥¹¥ï¡¼¥É
Chrome¤ÎÍúÎò
¤¹¤Ù¤Æ¤Î¥È¥é¥¹¥È¥È¡¼¥¯¥ó
¡û±Æ¶Á¤ÈÂкö
Google¤Ï¤³¤Î¥¥ã¥ó¥Ú¡¼¥ó¤Ë»ÈÍѤµ¤ì¤¿ºÇ½ª¥Ú¥¤¥í¡¼¥É¤ÎʬÀϤʤɤ«¤é¡¢¥í¥·¥¢À¯Éܤλٱç¤ò¼õ¤±¤Æ¤¤¤ë¤È¤ß¤é¤ì¤ë¶¼°Ò¥°¥ë¡¼¥×¡ÖAPT29(ÊÌ̾¡§Midnight Blizzard)¡×¤¬¥¥ã¥ó¥Ú¡¼¥ó¤Ë´ØÍ¿¤·¤¿µ¿¤¤¤¬¤¢¤ë¤È»ØŦ¤·¤Æ¤¤¤ë¡£¹¶·â¤Ï½¤ÀµºÑ¤ß¤ÎÀȼåÀ¤ò°ÍѤ·¤¿¤â¤Î¤À¤Ã¤¿¤¬¡¢¥¢¥Ã¥×¥Ç¡¼¥È¤ò¼Â»Ü¤·¤Æ¤¤¤Ê¤¤¥æ¡¼¥¶¡¼¤Ï¿¤¤¤È¤ß¤é¤ì¡¢Google¤Ï¸ú²ÌŪ¤Ê¹¶·â¼êÃʤˤʤêÆÀ¤ë¤Èɾ²Á¤·¤Æ¤¤¤ë¡£
¤³¤Î¥¥ã¥ó¥Ú¡¼¥ó¤ÎɸŪ¤È¤Ê¤Ã¤¿¥Ç¥Ð¥¤¥¹¤ª¤è¤ÓWeb¥Ö¥é¥¦¥¶¤ò»ÈÍѤ·¤Æ¤¤¤ë¥æ¡¼¥¶¡¼¤Ë¤Ï¡¢Æ±Íͤι¶·â¤ò²óÈò¤¹¤ë¤¿¤á¤ËiOS¤ª¤è¤ÓGoogle Chrome¤òºÇ¿·¥Ð¡¼¥¸¥ç¥ó¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ë¤³¤È¤¬¿ä¾©¤µ¤ì¤Æ¤¤¤ë¡£¤Þ¤¿¡¢Google¤ÏÄ´ºº¤Î²áÄø¤Ë¤ÆȽÌÀ¤·¤¿¥»¥¥å¥ê¥Æ¥£¿¯³²¥¤¥ó¥¸¥±¡¼¥¿¡¼(IoC: Indicator of Compromise)¤ò¸ø³«¤·¤Æ¤ª¤ê¡¢É¬Íפ˱þ¤¸¤Æ³èÍѤ¹¤ë¤³¤È¤¬Ë¾¤Þ¤ì¤Æ¤¤¤ë¡£
¡û°ÍѤµ¤ì¤¿ÀȼåÀ¤Î³µÍ×
Google¤Î¶¼°ÒʬÀÏ¥°¥ë¡¼¥×(TAG: Threat Analysis Group)¤¬³Îǧ¤·¤¿¤³¤Î¥¥ã¥ó¥Ú¡¼¥ó¤Ï¡¢2023ǯ11·î¤«¤é2024ǯ7·î¤Þ¤Ç¤Î´ü´Ö¤Ë3Åټ¹Ԥµ¤ì¤¿¤³¤È¤¬³Îǧ¤µ¤ì¤Æ¤¤¤ë¡£¹¶·â¼Ô¤Ï¤½¤Î¤¹¤Ù¤Æ¤Î¹¶·â¤Ë¤ª¤¤¤Æ¡¢¥â¥ó¥´¥ëÀ¯ÉܤÎWeb¥µ¥¤¥È¤ò¿¯³²¤·¡¢¥¢¥¯¥»¥¹¤·¤¿¥æ¡¼¥¶¡¼¤ËÂФ·¥¨¥¯¥¹¥×¥í¥¤¥È¤òÇÛ¿®¤·¤¿¡£¤³¤Î¥¥ã¥ó¥Ú¡¼¥ó¤ÎÌÜŪ¤Ï¡¢Web¥Ö¥é¥¦¥¶¤ÎCookie¾ðÊó¤ÎÀà¼è¤È¤µ¤ì¤ë¡£
°ÍѤµ¤ì¤¿ÀȼåÀ¤ª¤è¤Ó¹¶·â¤Î³µÍפϼ¡¤Î¤È¤ª¤ê¡£
¡ûiPhone¥æ¡¼¥¶¡¼¤Ø¤Î¹¶·â
2023ǯ11·î¡¢iOS 16.6.1¤ª¤è¤Ó¤³¤ì°ÊÁ°¤Î¥Ð¡¼¥¸¥ç¥ó¤ò¼Â¹Ô¤·¤Æ¤¤¤ëiPhone¥æ¡¼¥¶¡¼¤ËÂФ·¡¢¡ÖCVE-2023-41993¡×¤ò°ÍѤ¹¤ë¥¨¥¯¥¹¥×¥í¥¤¥È¤¬ÇÛ¿®¤µ¤ì¤¿¡£ÇÛ¿®¸µWeb¥µ¥¤¥È¤Ï¡Öcabinet.gov[.]mn¡×¤ª¤è¤Ó¡Ömfa.gov[.]mn¡×¤È¤µ¤ì¤ë¡£
¤³¤Î¹¶·â¤Ç¤Ï¡¢ºÇ½ªÅª¤ËCookie¾ðÊó¤òÀà¼è¤¹¤ë¥Þ¥ë¥¦¥§¥¢¤¬Å¸³«¤µ¤ì¤¿¡£¤³¤Î¥Þ¥ë¥¦¥§¥¢¤Ï¼¡¤ÎWeb¥µ¥¤¥È¤ÎCookie¤À¤±¤òÀà¼è¤¹¤ë¡£
accounts.google[.]com
login.microsoftonline[.]com
mail.google[.]com/mail/mu/0
www.linkedin[.]com
linkedin[.]com
www.office[.]com
login.live[.]com
outlook.live[.]com
login.yahoo[.]com
mail.yahoo[.]com
facebook[.]com
github[.]com
icloud[.]com
¡û2ÅÙÌܤι¶·â
2024ǯ2·î¡¢¾åµ¤ÈƱ¤¸¹¶·â¤¬ºÆÅÙ·«¤êÊÖ¤µ¤ì¤¿¡£ÇÛ¿®¸µWeb¥µ¥¤¥È¤Ï¡Ömfa.gov[.]mn¡×¤Î¤ß¤È¤µ¤ì¤ë¡£¤³¤Î¤È¤ÇÛÉÛ¤µ¤ì¤¿¥Þ¥ë¥¦¥§¥¢¤Ï¾åµWeb¥µ¥¤¥È¤Ë²Ã¤¨¡¢¡Öwebmail.mfa.gov[.]mn/owa/auth¡×¤ÎCookie¤âÀà¼è¤¹¤ë¡£
¡ûGoogle Chrome¤Ø¤Î¹¶·â
2024ǯ7·î¡¢Google Chrome¥Ð¡¼¥¸¥ç¥ó121¡¢122¡¢123¤ò»ÈÍѤ¹¤ëAndroid¥æ¡¼¥¶¡¼¤ËÂФ·¡¢¡ÖCVE-2024-5274¡×¤ª¤è¤Ó¡ÖCVE-2024-4671¡×¤ò°ÍѤ¹¤ë¥¨¥¯¥¹¥×¥í¥¤¥È¤¬ÇÛ¿®¤µ¤ì¤¿¡£ÇÛ¿®¸µWeb¥µ¥¤¥È¤Ï¡Ömfa.gov[.]mn¡×¤Î¤ß¤È¤µ¤ì¤ë¡£
¤³¤Î¹¶·â¤Ç¤Ï¡¢ºÇ½ªÅª¤Ë¼¡¤Î¾ðÊó¤òÀà¼è¤¹¤ë¥Þ¥ë¥¦¥§¥¢¤¬Å¸³«¤µ¤ì¤¿¡£
¤¹¤Ù¤Æ¤ÎCookie
¥¯¥ì¥¸¥Ã¥È¥«¡¼¥É¾ðÊó¤ä¥¢¥«¥¦¥ó¥È´ØÏ¢¾ðÊó
Chrome¤ËÊݸ¤µ¤ì¤Æ¤¤¤ë¥Ñ¥¹¥ï¡¼¥É
Chrome¤ÎÍúÎò
¤¹¤Ù¤Æ¤Î¥È¥é¥¹¥È¥È¡¼¥¯¥ó
¡û±Æ¶Á¤ÈÂкö
Google¤Ï¤³¤Î¥¥ã¥ó¥Ú¡¼¥ó¤Ë»ÈÍѤµ¤ì¤¿ºÇ½ª¥Ú¥¤¥í¡¼¥É¤ÎʬÀϤʤɤ«¤é¡¢¥í¥·¥¢À¯Éܤλٱç¤ò¼õ¤±¤Æ¤¤¤ë¤È¤ß¤é¤ì¤ë¶¼°Ò¥°¥ë¡¼¥×¡ÖAPT29(ÊÌ̾¡§Midnight Blizzard)¡×¤¬¥¥ã¥ó¥Ú¡¼¥ó¤Ë´ØÍ¿¤·¤¿µ¿¤¤¤¬¤¢¤ë¤È»ØŦ¤·¤Æ¤¤¤ë¡£¹¶·â¤Ï½¤ÀµºÑ¤ß¤ÎÀȼåÀ¤ò°ÍѤ·¤¿¤â¤Î¤À¤Ã¤¿¤¬¡¢¥¢¥Ã¥×¥Ç¡¼¥È¤ò¼Â»Ü¤·¤Æ¤¤¤Ê¤¤¥æ¡¼¥¶¡¼¤Ï¿¤¤¤È¤ß¤é¤ì¡¢Google¤Ï¸ú²ÌŪ¤Ê¹¶·â¼êÃʤˤʤêÆÀ¤ë¤Èɾ²Á¤·¤Æ¤¤¤ë¡£
¤³¤Î¥¥ã¥ó¥Ú¡¼¥ó¤ÎɸŪ¤È¤Ê¤Ã¤¿¥Ç¥Ð¥¤¥¹¤ª¤è¤ÓWeb¥Ö¥é¥¦¥¶¤ò»ÈÍѤ·¤Æ¤¤¤ë¥æ¡¼¥¶¡¼¤Ë¤Ï¡¢Æ±Íͤι¶·â¤ò²óÈò¤¹¤ë¤¿¤á¤ËiOS¤ª¤è¤ÓGoogle Chrome¤òºÇ¿·¥Ð¡¼¥¸¥ç¥ó¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤¹¤ë¤³¤È¤¬¿ä¾©¤µ¤ì¤Æ¤¤¤ë¡£¤Þ¤¿¡¢Google¤ÏÄ´ºº¤Î²áÄø¤Ë¤ÆȽÌÀ¤·¤¿¥»¥¥å¥ê¥Æ¥£¿¯³²¥¤¥ó¥¸¥±¡¼¥¿¡¼(IoC: Indicator of Compromise)¤ò¸ø³«¤·¤Æ¤ª¤ê¡¢É¬Íפ˱þ¤¸¤Æ³èÍѤ¹¤ë¤³¤È¤¬Ë¾¤Þ¤ì¤Æ¤¤¤ë¡£