Amacebo e-APT35, ubuchule, kunye neenkqubo: indlela ezisebenza ngayo kunye nendlela yokukhusela iiWindows

  • I-APT35 igqamile ngenxa yokukhohlisa ngomkhonto, ubusela beenkcukacha, kunye nokuzingisa kwiWindows.
  • Ii-APTs zidibanisa ukungena, ukunyakaza kwecala, kunye nokukhutshwa okufihliweyo kunye ne-C2 efihlakeleyo.
  • I-EDR / XDR, ulwahlulo, ukudibanisa, kunye nenethiwekhi / i-endpoint telemetry yimiqobo ebalulekileyo.
Pablo

Imizuzu ye11

APT35 Cybersecurity kwiWindows

Kwimeko yanamhlanje yesoyikiso, bambalwa abachasi abazingisayo kwaye banobuqhophololo njenge-APT35. Lo mlingisi, okwabizwa ngokuba nguHelix Kitten okanye iKitten ethandekayo[Igama leNkampani] lizakhele udumo oluphandwe kakuhle lwephulo lokurhwaphiliza okujoliswe kulo, ukubiwa kwezazisi, kunye nokuzingisa kwexesha elide kwiindawo zeshishini. Ukuba usebenza neWindows kumbutho, ukuqonda amaqhinga, ubuchule, kunye neenkqubo (TTPs) ngundoqo [kuKhuseleko lokuSebenza]. ukunciphisa indawo yokuhlaselwa kwaye usabele ngexesha.

Nangona ihlala ibonwa njengohlaselo “olufana nemovie”, izoyikiso eziqhubekayo aziyontsomi yesayensi. Ziyinkqubo yemethodical, imigangatho emininzi, kunye noqhaqho lwezigulaneOlu hlaselo luyilelwe ukuba lungene ngaphakathi, luhlale lungabonakali, kwaye lukhuphe idatha exabisekileyo ngexesha elifanelekileyo. I-APT35 ihambelana neprofayili: amaphulo okukhwabanisa okubonakalayo, umyalelo ofihliweyo kunye neziseko zokulawula, kunye nokukwazi ukulungelelanisa iindlela zayo njengoko ixhoba liqinisa ukhuseleko lwalo.

Yintoni i-APT kwaye kutheni i-APT35 iyinkxalabo ekhethekileyo kwiWindows?

Usongelo oluphambili oluqhubekayo luhlaselo lwexesha elide apho umchasi ufumana ufikelelo olungagunyaziswanga kwaye ulugcine luyimfihlo ukuba ulwazi, ukubeka esweni imisebenzi, okanye ukubangela ukuphazamiseka xa kufanelekile. Ngokungafaniyo ne "bulk" malware, i-APTs ayisebenzi ngobuninzi; bajolise kwiinjongo ezithile kwaye bafunde malunga nokusingqongileyo phambi kokuba bafuduke.

Kwi-Windows, i-APT35 ihlala ivula umnyango isebenzisa ubunjineli bezentlalo: Ii-imeyile ze-spear phishing ezenziwe kakuhleamaphepha engqinisekiso enziweyoIzimemo ezingeyonyani kwiinkomfa okanye kwimisitho yezifundo, kunye nobuqhetseba obukhohlisa ixhoba kwikhowudi okanye ukunikezela ngamathokheni. Xa sele ungaphakathi, kugxilwe ekuzingiseni: iminyango esemva, impatho-gadalala yobungqina, kunye nentshukumo esecaleni efihlakeleyo.

Ngubani osemva kwe-APT kwaye ingena njani i-APT35?

Ii-APT zihlala zixhaswa ngabadlali abalungelelaniswe kakuhle. Sinokwahlula iibhloko ezintathu eziphambiliAmaqela axhaswa ngurhulumente, ulwaphulo-mthetho olulungelelanisiweyo, kunye nemibutho yabaxhasi bobuqhophololo. I-APT35, edityaniswe nemidla yase-Iranian ngokubhekiselele kubahlalutyi abaninzi, kujoliswe kumacandelo afana ne-aerospace, unxibelelwano, imali, amandla, iikhemikhali, kunye nokwamkela iindwendwe, kunye neenjongo zoqoqosho, umkhosi kunye nezopolitiko.

Phakathi kwamaqela alawulwa ngurhulumente, amanye amatyala awaziwayo agqamile: ULazaro (kuMntla Korea), obandakanyeka kubusela bemali kunye nemisebenzi efana nesiganeko sikaSony; I-APT28/Ibhere eFancy kunye ne-APT29/iBhere eCozy (eRussia)ngamaphulo achasene neenjongo zikarhulumente, ezozakuzo nezonyulo; kwaye APT40, edityaniswe ne-cyber espionage ejolise kwiiyunivesithi kunye nokhuselo. Le misebenzi ibonisa ubungakanani besicwangciso se-APT.

Kulwaphulo-mthetho olulungelelanisiweyo, inzuzo yemali ingukumkani. Carbanak/FIN7 uye wahlasela iibhanki kunye neevenkile; Icala elimnyama Wafumana udumo ngenxa yesiganeko soMbhobho weKoloniyali. I-Hacktivists, kwelinye icala, isebenzela imbono okanye impembelelo yezopolitiko: Ongaziwayo okanye Umkhosi wase-Syria wase-Elektroniki Le yimizekelo yezenzo zoqhanqalazo kunye nepropaganda enempembelelo yangempela.

Aba bachasi, kubandakanywa nabo banxulumene nelizwe, Bafuna inzuzo okanye inzuzo yobuchule ngobusela bepropathi enomgangatho ophezulu wokuqonda, ukuxhaphaza (i-ransomware) okanye ukufikelela kwiinkqubo ezibalulekileyo.

Indlela ezisebenza ngayo: amaqhinga angundoqo, ubuchule kunye neenkqubo

I-APT eqhelekileyo idibanisa iileya ezininzi: ukungena, ukunyuka kunye nokunyakaza kwecala, kunye nokuphumaNgexesha lokungena, i-APT35 isebenzisa i-psychology yomsebenzisi ukunyanzela unqakrazo lokuqala kwaye, ukuba kunokwenzeka, ukungena kwiisistim ngokuxhaphaza okanye isoftware engabhalwanga. Kwi-Windows, kuqhelekile ukubona ii-macros ezinobungozi kumaxwebhu, amakhonkco kumaphepha okungena okungeyonyani, kunye nokusetyenziswa kwezixhobo zesistim ukuze uhlale ungabonwa.

Xa sele ingaphakathi, umhlaseli useka unxibelelwano kunye nomyalelo kunye nokulawula kwayo (C2) iziseko. Olu nxibelelwano lunokuguqulwa njengetrafikhi esemthethweni.Ukusuka kwizicelo ezilula ze-HTTP (S) ukuya kumajelo angaphezulu okudala axhaswa ziinkonzo zoluntu (kubekho ii-TTP ezixhaphaza amanethiwekhi oluntu okanye amaxwebhu efu). Ngonxibelelwano oluzinzileyo, ukufunyanwa kwe-asethi kunye nokunyakaza kwecala kuqala.

Abakhuseli kufuneka bakhumbule ukuba i-APT yanamhlanje ukuphakamisa izikhokelo kunye nezixhobo zoluntu emva kokuxhatshazwa (umzekelo, izikhokelo ezaziwayo-kakuhle) kodwa kunye namacandelo enziwe ngokwesiqhelo. Ngamanye amaxesha, abahlaseli balayisha ikhowudi kwimemori ukunqanda ukushiya umkhondo kwidiski kwaye bathembele kubuchule obufana ne-DLL sideloading.

Ekukhutshelweni, idatha iphuma kwiidriphu okanye iibhetshi, igqunywe yingxolo yothungelwano okanye i-encapsulated (iifayile ezicinezelweyo, iiprothokholi eziqhelekileyo, amajelo afihlakeleyo). Ukuba ixhoba lifumanisa into ethile, i-APT inokuvelisa iziphazamiso ezifana nokuhlaselwa kweDDoS ukufihla ukuvuza kwangempela.

Inyathelo ngamanyathelo okuhlaselwa kwe-APT

  1. UkuqwalaselwaBaqokelela iidilesi ze-imeyile, iinkangeleko zikawonke-wonke, ubugcisa obusetyenziswayo (ngamanye amaxesha buvezwa kwizithuba zemisebenzi), kunye nazo naziphi na ezinye iinkcukacha eziluncedo. Linqanaba elithe cwaka lomthetheleli.
  2. UkungenelelaUmkhonto phishing ukuxhatshazwa kobuthathakaAmagama ayimfihlo abuthathaka okanye i-malware efakwe kumaxwebhu anokuba ngumngcipheko omkhulu. Kwi-Windows, ukuvula nje isincamatheliso "esingalunganga" kudla ngokwaneleyo ukwenza ikhowudi.
  3. IsazisiBakhangela iziqinisekiso ezisebenzayo (iikuki, iithokheni, amagama ayimfihlo) kwaye bafikelele kwiinkqubo ezininzi besebenzisa iinkcukacha zabasebenzisi abasemthethweni. ukuphepha ulawulo olusekwe kutyikityo.
  4. Ukufakela izinto eziluncedoBabandakanya izixhobo zolawulo olufihlakeleyo, ukubiwa kwephasiwedi, ukubeka iliso, kunye nokunye. Ufakelo oluncinci okanye iskripthi Ingasebenza njengebhodi yokuqalisa imithwalo emikhulu.
  5. Ngasemva kunye namalungeloBenza i-backdoors, ii-akhawunti ezifihliweyo, okanye ukuguqula ulungelelwaniso. Ukuba bafumana iziqinisekiso zomlawuli wesizinda, Baphethe izitshixo zobukumkani ukuhamba ecaleni.
  6. ExfiltrationBapakisha ii-imeyile, iifayile, kunye nogcino-lwazi kumaseva aphakathi okanye ukugcinwa kwelifu, usebenzisa i-HTTP/FTP okanye amanye amajelo. Basenokusebenzisa kakubi iitonela ze-DNS ukuba okusingqongileyo kuyakuvumela.
  7. UkuzingisaKwanasemva kokuba bebhaqwe, bazama ukuhlala. Olu lukhuni luphawu lwe-APT., kunye nokuhlala iinyanga.

Iimpawu kunye neempawu ze-APT eziqhubekayo

Iincopho zeTrafikhi okanye ukuhamba okungaqhelekanga ukusuka kwisixhobo sangaphakathi ukuya ngaphandle Ezi iflegi ebomvu. Ngokufanayo, ukungena ngaphandle kweeyure zomsebenzi okanye kwiindawo ezingaqhelekanga kubonisa iziqinisekiso ezisengozini.

Las usulelo oluphindaphindiweyo lwe-malware Inyani yokuba iingcango zangasemva ziphinda zivulwe kwaye ziphinde zivele emva "kokucoca" kubonisa ukuzingisa. Ngaphaya koko, ukuba iifayile ezinkulu okanye ezicinezelweyo zivela kwiifomathi ezingafane zisetyenziswe yinkampani, uphando lufanelekile.

Ii-imeyile ezingaqhelekanga ezifunyenwe ngabaphathi okanye abasebenzi abanovelwano, eqhelekileyo yokukhohlisa ngomkhonto, Ngokuqhelekileyo ziyinyathelo lokuqala kwikhonkco le-APTOmnye umkhondo: umsebenzi ongaqhelekanga koovimba beenkcukacha ezinomthamo omkhulu wokusebenza.

Abanye ababoneleli baloga apho i-imeyile ivulwe okanye isuka kuyo idilesi ye-IP; ukujonga ufikelelo olungaqhelekanga okanye ukungenelela kwimbalelwano kungabonisa [into]. abangeneleli abaphonononga unxibelelwanoKwinqanaba lesiphelo, umhlaseli uhlola imigaqo-nkqubo kunye nezikhewu zokuthotyelwa ukuxhaphaza ubuthathaka.

Iindidi ze-APT ngokwenjongo kunye nemizekelo enemifanekiso

  • Ukutshatyalaliswa okanye ukuphazamisekaImisebenzi enzima kakhulu elawula iinkqubo zamashishini ngaphandle kokulumkisa ixhoba. Imeko yeparadigmatic: yiStuxnet, eyachaphazela ii-centrifuges zase-Iranian.
  • Ukuphanga: amaphulo ajolise kwinzuzo yemali, njenge-ransomware. Ryuk Imele uhlaselo ekujoliswe kulo olufihla izinto ezibalulekileyo kunye nokufuna iintlawulo eziphezulu.
  • Ukungeniswa kunye nokukhuphaInjongo kukuhlala kwaye ngokuqhubekayo ukukhupha idatha. Amaphulo ayalelwa APT32 y APT37 kubuntlola bezoqoqosho nezopolitiko.
  • Itsheyini yonikezoAbaboneleli bazibophelele ekufikeleleni abathengi babo. Umzekelo weendaba wawunjalo I-SolarWinds (ibalelwa kwiiforam kwi-APT29), kunye HayiPetya Isasazeke ngohlaziyo olusengozini, lubangela umonakalo kwihlabathi.

Iimeko zokwenyani ezifundisa izifundo

Ukuhlaselwa Ujoliso nge-RAM Scraper Usebenzise ubuthathaka bomthengisi ukuze afikelele kwi-ecosystem yayo. Umdlali we-actor ungene kwii-terminals point-of-sales iiveki, ukweba idatha yekhadi letyala kunye ukukhupha imiqulu emikhulu yonke ngaxeshanye.

Abaphandi bachonge amaphulo liqela elincinane le ULazaro oguqule i-malware ye-DTrack eyaziwayo kwaye wasebenzisa i-Maui ransomware. Imithwalo ekwimemori yenziwe kwiWindowsI-DTrack iqokelele idatha yenkqubo kunye nembali yesikhangeli, kwaye ixesha lokuhlala laliziinyanga.

LuckyMouse ithumele iTrojan eyahlukileyo yenkonzo yemiyalezo kaMimi kwi-backdoors ngokuchasene neMacOS, Windows, kunye neLinux, imibutho ebandakanyekayo eTaiwan nakwiiPhilippinesIbonisa ukuhambelana kwe-cross-platform eqhelekileyo ye-APT.

Iqela SEABORGIUM, edityaniswe nomdla waseRashiya, wenza ubuntlola eYurophu iminyaka, ukusebenzisa kakubi ubuqhetseba bemikhonto ukufumana ufikelelo kwi-OneDrive kunye ne-LinkedInUkusetyenziswa kweenkonzo zefu ezisemthethweni kwenza kube nzima ukubhaqwa.

Iindlela zamva nje kwi-TTP: yintoni etshintshayo kwaye yintoni engekhoyo

Ngexesha lekota yakutshanje yehlobo, abahlalutyi baqaphele umahluko ocacileyo phakathi kwabadlali: abanye Bayiphucule ingxowa yezixhobo zabo ukuya kwisikhokelo seemodyuli ezingisa kakhulu, lo gama abanye bafezekise iinjongo kunye amatyathanga usulelo ixesha elide, ebonisa ukuba "elula kwaye zingqineke" isasebenza.

Olunye lwezona ziphumo zibalaseleyo yayilusulelo UEFI bootkit, inxalenye yenkqubo-sikhokelo enezigaba eyaziwa ngokuba yi-Mosaic Regressor, eyenza ukufakelwa komelele kakhulu kwaye kube nzima ukuphelisa. I-UEFI ibalulekileUkuyosulela kunika ukuzingisa ngaphantsi kwenkqubo yokusebenza.

Baye babonwa ubuchule be-steganography ngokulayishwa ecaleni: iphulo elibalelwa kwi-Ke3chang lisebenzise inguqulelo ye-Okrum yangasemva eye yasebenzisa ibhinari ye-Windows Defender esayiniweyo ukufihla owona mthwalo ungundoqo, ukugcina umsayino wedijithali osebenzayo ukunciphisa ukubonwa.

Amanye amaqela, anje Amanzi odakaBaye baphinda-phinda izikhokelo zezigaba ezininzi, ngelixa DTrack Ifake amandla amatsha ukwenza iintlobo ezininzi zomthwalo wokuhlawula. Ngaxeshanye, UkufaStalker Igcina amatyathanga alula kodwa agxininise kakhulu ayilelwe ukuphepha ukubhaqwa, ebonisa ukuba ubugocigoci abusoloko buyimfuneko kwimpumelelo.

I-APT35 ekugxilwe kuyo: iimpawu ze-TTP kunye neethagethi

I-APT35 yaziwa ngayo Umkhonto othembekileyo kakhulu wokukhohlisa ii-imeyile kunye namaxwebhu omgunyathi elilinganisa izimemo zemfundo okanye unxibelelwano oluvela kwimibutho. Kuqhelekile ukubona i-spoofing yokungena, ukusetyenziswa kakubi kwamakhonkco amfutshane, kunye namaphepha okuqinisekisa ukubamba anenkangeleko engenasiphako.

Kwi-Windows, eli qela lithande uku thembele kwimibhalo yemveli kunye nezixhobo Ukuze uhlale ungabonakali, misela i-C2 kwaye uhambe ecaleni. Indibaniselwano yobunjineli bezentlalo kunye nokusetyenziswa okungenelelayo kwesoftware engabhalwanga. ichaza izinga layo eliphezulu lempumelelo ngaphandle kokuziphatha okwaneleyo kunye nolawulo lwezahlulo.

Uyikhusela njani iWindows kwi-APT35 kunye nezinye ii-APT

I-EDR kunye ne-XDR. Izisombululo zanamhlanje zibona ukuziphatha okungaqhelekanga ngexesha lokwenyaniBanikezela nge-telemetry yenkqubo, inethiwekhi kunye nememori, kwaye bavumele ukuphendula ngokukhawuleza (izixhobo ezizimeleyo, iinkqubo zokubulala, ukubuyisela utshintsho).

Ukuchwetheza kunye nokuqina. yokuHlaziya yeWindows, iibhrawuza kunye neeofisi zeofisiIsebenzisa imigaqo yokunciphisa indawo yomphezulu, imida i-PowerShell, ikhubaza ii-macros ngokungagqibekanga, kwaye ilawula ukuphunyezwa kokubini okungasayinwanga.

Isicelo kunye nolawulo lwesizinda. Uluhlu lwemvume kunciphisa umngciphekoKodwa ifuna imigaqo-nkqubo yohlaziyo engqongqo kunye nokuphononongwa rhoqo: kwaneendawo "ezithenjiweyo" zinokuchaphazeleka.

WAF kunye nokhuseleko lwesicelo. I-firewall yesicelo sewebhu Inceda uhlaselo lodwa kuluhlu lwesicelo kunye nokuyeka i-RFI okanye i-SQL yokuzama inaliti; ukubeka iliso kwi-traffic yangaphakathi kuveza iipateni ezingaphandle kwesiqhelo.

Ukufikelela kunye nolawulo lwedatha. Yahlula inethiwekhi, sebenzisa ilungelo elilodwa elincinciIyomeleza i-MFA kwaye ibeke esweni ukufikelela kwimithombo ebuthathaka. Ilawula ukwabelana ngefayile kwaye ivala izixhobo ezisusekayo ukuba kunokwenzeka.

I-Telemetry kunye ne-DNS. Jonga iipateni ezikhomba kwiitonela ze-DNS okanye ezinye iindlela zokukhutshelwa ezifihlakeleyo; yenza izilumkiso malunga noxinzelelo olungaqhelekanga kunye nomthamo omkhulu wokuhamba kwedatha.

Ukuqonda, kodwa ngaphandle kokholo oluyimfama. Uqeqesho luyanceda. nangona nabasebenzi abaqeqeshiweyo banokuwaIncediswa lulawulo lobugcisa, uluhlu lokubukela, kunye nokufumanisa ukuziphatha.

Indlela yokuphendula: ukusuka kwisalathisi sokuqala ukuya kuphuculo oluqhubekayo

  • Ukuchongwa kunye novavanyo. Sebenzisa izixhobo zokubeka iliso ezikumgangatho ophezulu kunye nohlalutyo lwenkundla yeziganeko kunye neefayile. Imisela umda wangempela, ii-vectors kunye nee-akhawunti ezichaphazelekayo ngokuphonononga iilogi kunye ne-artifacts.
  • Isiqulatho. Ukwahlula iinkqubo ezisengoziniHlaziya iiseshini kunye namathokheni, tshintsha iziqinisekiso, kunye necandelo ngokukhawuleza. Thintela umhlaseli ekubeni aqhubeke ehamba okanye ephumela ngaphandle.
  • Ukuphelisa kunye nokubuyisela. Ususa izixhobo zokuhlasela, ulungisa ubuthathaka y Buyisela kwii-backups ezaziwayo njengoko injalo. Gcina uqwalaselo olwandisiweyo lokukhangela umsebenzi oshiyekileyo.
  • Uhlalutyo kunye nokuphuculwa. Bhala isiganeko, hlaziya imigaqo-nkquboLungisa imithetho yokufumanisa kwaye unxibelelane ngokungafihlisiyo nabachaphazelekayo. Esi sigaba sinciphisa iindleko zokwaphulwa kwexesha elizayo.

Izixhobo kunye nobukrelekrele: yintoni eyenza umahluko

Iindlela ezisekwe kwi-AI ezibona i-malware kunye ne-ransomware binaries ngaphambi kokubulawa, iinkonzo zokuzingela eziyingozi kunye nokuqiniswa kwemihla ngemihla kwe-SOC nge-MDR ziintsika eziphambili zokuhlala phambi kwee-TTP ezivelayo.

Usoyikiso iiphothali zobuntlola ngokufikelela kufutshane nexesha lokwenyani lobugcisa nolwazi lomxholo Bakuvumela ukuba ulindele amaphulo, ukuhlaziya ukufunyanwa, kunye noluhlu lokubukela. Bancedisa i-EDR / XDR kwii-endpoints kunye neesensonsi zenethiwekhi ukuze zifikeleleke ngokupheleleyo.

Iimpawu eziqhelekileyo zokulalanisa kwiWindows ongafanele uzihoye

  • Ukungena okuphezulu emva kweeyure nakumatyala aphakamileyo; unxulumano phakathi kwe-data spikes kunye nofikelelo olukude.
  • Abadlali abaphindaphindiweyo okanye ukuvela kwakhona kwe-backdoors: Iicloni zeTrojan ezibuyela emva kokuba "ukucoca".
  • Uthintelo lwemeyile okanye ukungena okungaqhelekanga kwiibhokisi zeposi; spear phishing ejolise ngokukodwa kubaphathi okanye amasebe ezemali.
  • Okunye okungaqhelekanga: Ukucotha okungaqhelekanga komncedisi, utshintsho kubhaliso, ukwenza ii-akhawunti ezingaziwayo, okanye iinkonzo ezingaqhelekanga ekuqaleni.

Iindleko kunye nezizathu: kutheni i-APT ingadingi hlahlo lwabiwo-mali olukhulu

Nangona inokukumangalisa, Iindleko zokusebenza kwezinye iikhankaso ze-APT zinokuthozama.Izixhobo zokuvavanya ukungena kwintengiso kunye nezinye iinkonzo zeziseko ezingundoqo zithatha inxalenye enkulu yenkcitho, kodwa imbuyekezo yomhlaseli (uqoqosho okanye iqhinga) idla ngokuthethelela utyalo-mali.

Imibuzo ebuzwa rhoqo

  • Uthini umahluko phakathi kwe-APT kunye "nohlaselo olujoliswe phambili" (ATA)? Ngokusebenza, i-ATA ichaza indlela yokusebenza esetyenziswe ngamaqela asekelwe kakuhle; xa loo msebenzi uzinzile, ngokuzingisa okuqhubekayo kunye nokulungelelanisa, sithetha nge-APT. Ziyahlulwa ngamaqhinga, iziseko zophuhliso, ukusetyenziswa kwakhona kwekhowudi, kunye nodidi lweenjongo.
  • Zeziphi iithagethi eziqhelekileyo kunye nemodus operandi ye-APT35? Bakholisa ukujolisa kumacandelo eqhinga kunye nezemfundo, nge umkhonto ethembekileyo kakhulu phishing, ubusela beziqinisekiso, ukusetyenziswa kakubi kweenkonzo zefu kunye nokuzingisa kwiWindows usebenzisa izixhobo zemveli kunye ne-C2 efihliweyo.
  • Ndiyibona njani i-APT ukuba ayishiyi phantse yonke into? Khangela ukuziphatha okungaqhelekanga: ukungena ngaphandle kwepatheni, iifayile ezinkulu ezicinezelekileyo, i-traffic engaqhelekanga ephumayo, iinkqubo eziqala uqhagamshelo olungaqhelekanga, kunye nokuphindaphinda i-malware emva kokucoca.
  • Ngaba i-antivirus kunye noqeqesho lwanele? Hayi. Udinga i-EDR/XDR, i-telemetry, i-segmentationUlawulo lwesicelo kunye nempendulo ecwangcisiweyo. Ukuqonda kuyanceda, kodwa ukuzenzekelayo kunye nokubonakala kubalulekile.

Ukomeleza iiWindows ngokuchasene ne-APT35 kunye nezinye ii-APT kufuna ukudibanisa ukubeka iliso, iteknoloji kunye neenkqubo. Ngolawulo oluluqilima lokufikelela, i-EDR/XDR, ubukrelekrele bosongelo, kunye nempendulo ene-oyile kakuhleUnganciphisa kakhulu ithuba lotshaba kwaye unciphise impembelelo naxa befumana unqakrazo lokuqala.

Inqaku elidibeneyo:
Isikhokelo esipheleleyo sokwenza i-backups ezongeziweyo kwiWindows