Hackers Traced to Russia Break Into U.S. Government and Companies [Chinese-English Parallel Translation]

Source: REUTERS; Authors: Jack Stubbs, Ryan McNeill; Published: December 18, 2020

Translation/Commentary: helloworld; Proofreading: SilverSpurs7; Review: 万人往; Page: 小雨

Commentary:

A cyber-espionage campaign whose direct source is Russia, which used SolarWinds software as a stepping stone to launch deeper follow-on attacks against the company's customers, was discovered and exposed through the CNAME records generated by its backdoor. It not only attacked governments and major companies across the board, but also reached customers' networks through large companies such as Microsoft, with extremely far-reaching consequences.

This attack has had a wide impact. Given the enormous losses, once the mastermind is identified it will face huge claims for compensation.

According to intelligence from Mr. Wengui of the Whistleblower Movement (爆料革命), the hand behind this hacking operation is the CCP, with Russia used as a stepping stone to conceal the true source, and Russia will be directly accused by the affected countries. This enormous pressure will add great weight toward Russia turning against and breaking with the CCP in the China-Russia contest, and, alongside the origin of the virus, will become another bullet for countries to use in jointly holding the CCP accountable in the future.

Original article:

SolarWinds hackers broke into U.S. cable firm and Arizona county, web records show

LONDON (Reuters) - Suspected Russian hackers accessed the systems of a U.S. internet provider and a county government in Arizona as part of a sprawling cyber-espionage campaign disclosed this week, according to an analysis of publicly-available web records.

The SolarWinds logo is seen outside its headquarters in Austin, Texas, U.S., December 18, 2020. REUTERS/Sergio Flores

The hack, which hijacked ubiquitous network management software made by SolarWinds Corp to compromise a raft of U.S. government agencies and was first reported by Reuters, is one of the biggest ever uncovered and has sent security teams around the world scrambling to contain the damage.

The intrusions into networks at Cox Communications and the local government in Pima County, Arizona, show that alongside victims including the U.S. departments of Defence, State, and Homeland Security, the hackers also spied on less high-profile organisations.

A spokesman for Cox Communications said the company was working “around the clock” with the help of outside security experts to investigate any consequences of the SolarWinds compromise. “The security of the services we provide is a top priority,” he said.

In emailed comments sent to Reuters, Pima County Chief Information Officer Dan Hunt said his team had followed U.S. government advice to immediately take SolarWinds software offline after the hack was discovered. He said investigators had not found any evidence of a further breach.

Reuters identified the victims by running a script released on Friday by researchers at Moscow-based cybersecurity firm Kaspersky to decode the web records left behind by the attackers.

(Script: https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862)

The type of web record, known as a CNAME, includes an encoded unique identifier for each victim and shows which of the thousands of “backdoors” available to them the hackers chose to open, said Kaspersky researcher Igor Kuznetsov.

“Most of the time these backdoors are just sleeping,” he said. “But this is when the real hack begins.”
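
The decoding step Kuznetsov describes, as an added example that is not part of the Reuters article and is not Kaspersky's or FireEye's published code: an implant puts an encoded victim identifier into the DNS name it queries, and the type of answer it receives (a plain A record to keep sleeping, or a CNAME pointing at a second-stage host) records which backdoors the operators chose to open. An analyst with the DNS records can therefore both recover the victim list and separate activated backdoors from dormant ones. The XOR-plus-base32 encoding, the key, the c2.example.test and stage2.example.test hosts, the victim domains and the log lines are all constructed for illustration; SUNBURST's real encoding scheme is not described on this page and is not reproduced here.

```python
"""Added example, not code from Reuters, Kaspersky or FireEye.

Technique shown: an implant beacons its victim's identity inside a DNS
label, and the record type of the reply (A = keep sleeping, CNAME = hand
out a second-stage C2 host) tells an analyst holding the DNS logs which
victims the operators chose to activate. The encoding is a toy (XOR with
a fixed key, then base32); SUNBURST's real scheme is not reproduced.
All domains, hosts, keys and log lines are constructed for the example.
"""
from __future__ import annotations

import base64
import re
from dataclasses import dataclass

KEY = b"toy-key"                 # assumption: fixed key recovered from the sample
C2_SUFFIX = "c2.example.test"    # constructed first-stage C2 domain (not the real one)


def encode_victim(domain: str) -> str:
    """Implant side (toy): XOR the victim's domain with KEY, base32 it, lowercase it as a DNS label."""
    data = domain.lower().encode()
    xored = bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(data))
    return base64.b32encode(xored).decode().rstrip("=").lower()


def decode_victim(label: str) -> str:
    """Analyst side: restore base32 padding, decode, undo the XOR."""
    padded = label.upper() + "=" * (-len(label) % 8)
    xored = base64.b32decode(padded)
    return bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(xored)).decode()


@dataclass(frozen=True)
class Beacon:
    when: str
    victim: str
    activated: bool  # True when the reply was a CNAME (second stage handed out)


# Constructed passive-DNS sample: (timestamp, victim domain, reply type, reply data).
# Two of the four beacons get a CNAME back; the others get a "sleep" A record.
SAMPLE_TRAFFIC = [
    ("2020-06-12T03:14:07Z", "corp.victim-a.example", "A", "203.0.113.10"),
    ("2020-06-12T03:29:55Z", "ad.victim-b.example", "CNAME", "stage2.example.test"),
    ("2020-07-03T11:02:40Z", "corp.victim-c.example", "A", "203.0.113.10"),
    ("2020-07-03T11:17:12Z", "ad.victim-d.example", "CNAME", "stage2.example.test"),
]


def make_log(traffic=SAMPLE_TRAFFIC) -> str:
    """Render the sample as log lines of the form '<ts> <qname> <rtype> <rdata>'."""
    return "\n".join(
        f"{ts} {encode_victim(dom)}.{C2_SUFFIX} {rtype} {rdata}"
        for ts, dom, rtype, rdata in traffic
    )


# Base32 labels use only a-z and 2-7; anything else is not one of these beacons.
LINE_RE = re.compile(
    r"^(\S+) ([a-z2-7]+)\." + re.escape(C2_SUFFIX) + r" (A|CNAME) (\S+)$"
)


def analyse(log: str) -> list[Beacon]:
    """Decode every beacon in the log; skip lines that are not queries under the C2 suffix."""
    beacons = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, label, rtype, _rdata = m.groups()
        beacons.append(Beacon(ts, decode_victim(label), rtype == "CNAME"))
    return beacons


def activated_victims(log: str) -> list[str]:
    """Victims whose backdoor the operators chose to open (CNAME reply), deduplicated."""
    return sorted({b.victim for b in analyse(log) if b.activated})


if __name__ == "__main__":
    log = make_log()
    print(log)
    for b in analyse(log):
        print(f"{b.when} {b.victim:24} {'ACTIVATED' if b.activated else 'sleeping'}")
```

Run stand-alone it prints the four synthetic records and flags the two victims that received a CNAME. Against real data the toy encode/decode pair would be replaced by the published Kaspersky tool and the input by the record list FireEye released; the A-versus-CNAME triage is the part that carries over unchanged.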

The CNAME records relating to Cox Communications and Pima County were included in a list of technical information published by U.S. cybersecurity firm FireEye Inc, which was the first victim to discover and reveal it had been hacked.

(Technical report: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html)

John Bambenek, a security researcher and president of Bambenek Consulting, said he had also used the Kaspersky tool to decode the CNAME records published by FireEye and found they connected to Cox Communications and Pima County.

The records show that the backdoors at Cox Communications and Pima County were activated in June and July this year, the peak of the hacking activity so far identified by investigators.

It is not clear what, if any, information was compromised.

SolarWinds, which disclosed its unwitting role at the centre of the global hack on Monday, has said that up to 18,000 users of its Orion software downloaded a compromised update containing malicious code planted by the attackers.

As the fallout continued to roil Washington on Thursday, with a breach confirmed at the U.S. Energy Department, U.S. officials warned that the hackers had used other attack methods and urged organisations not to assume they were protected if they didn’t use recent versions of the SolarWinds software.

Microsoft, which was one of the thousands of companies to receive the malicious update, said it had so far notified more than 40 customers whose networks were further infiltrated by the hackers.

Around 30 of those customers were in the United States, it said, with the remaining victims found in Canada, Mexico, Belgium, Spain, Britain, Israel and the United Arab Emirates. Most were information technology companies, along with some think tanks and government organisations.

"It's certain that the number and location of victims will keep growing," Microsoft President Brad Smith said in a blog post.

(Blog post: https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye)

“The installation of this malware created an opportunity for the attackers to follow up and pick and choose from among these customers the organizations they wanted to further attack, which it appears they did in a narrower and more focused fashion.”

Reporting by Jack Stubbs; Editing by Chris Sanders and Edward Tobin

Edited by: Himalaya Hawk Squad (喜马拉雅战鹰团)