The Computer Emergency Response Team of Ukraine (CERT-UA) reports about a new campaign dubbed "SickSync," launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defense forces.
  • @dariusj18@lemmy.worldEnglish
    3925 days ago

    Got worried about a synching vuln, but no, they are just using it as a file transfer agent for their own malware.

        • KidOPMEnglish
          525 days ago

          Honestly, I didn’t think about vulnerability in SyncThing when I read the article. But I wondered why defense forces would have p2p open on their networks.

          • slazer2auEnglish
            325 days ago

            When you say P2P you think torrents. But syncthing have rendezvou helpers to facilitate connections without seeing any data.

            • KidOPMEnglish
              525 days ago

              Not necessarily. Torrent is a way to find a peer for direct connection or via a relay (of course that is more than that). Syncthing, even using a relay server, requires some ports available for at least outbound connection (22000 TCP/UDP or whatever port the relay is using). This should not be possible in a medium security network, let alone a defense network. I don’t know if syncthing works without a direct connection (to the peer or relay, something like transport via http proxy).