[uanog] New virus attack

Mike Petrusha mp at disan.net
Tue Jul 4 16:26:05 EEST 2017


Maybe this should be considered a bug, in that case?
They wanted to encrypt the disks of specific victims, but slipped up somewhere?
But it still goes on spreading by itself afterwards... It's unclear.

--
Mike


On 4 July 2017 at 15:14, Volodymyr Litovka <doka.ua at gmail.com> wrote:
>
> On 7/4/17 2:53 PM, Mike Petrusha wrote:
>
> But why this whole spy story with collecting EDRPOU numbers?
>
>
> Each organization that does business in Ukraine has a unique legal entity
> identifier called the EDRPOU number. This is extremely important for the
> attackers: having the EDRPOU number, they could identify the exact
> organization that is now using the backdoored M.E.Doc. Once such an
> organization is identified, attackers could then use various tactics against
> the computer network of the organization, depending on the attackers’
> goal(s). [ ... ] And, of course, the attackers added the ability to control
> the infected machine.
>
> --
> Volodymyr Litovka
>   "Vision without Execution is Hallucination." -- Thomas Edison

