The Computer Emergency Response Team of Ukraine (CERT-UA) reports about a new campaign dubbed "SickSync," launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defense forces.
  • dariusj18@lemmy.worldEnglish
    39·
    6 months ago

    Got worried about a synching vuln, but no, they are just using it as a file transfer agent for their own malware.

      • dariusj18@lemmy.worldEnglish
        33·
        6 months ago

        Next article, “hackers abuse bash to list directory contents and write the output to a file.”

        • Kid@sh.itjust.worksOPMEnglish
          5·
          6 months ago

          Honestly, I didn’t think about vulnerability in SyncThing when I read the article. But I wondered why defense forces would have p2p open on their networks.

          • slazer2au@lemmy.worldEnglish
            3·
            6 months ago

            When you say P2P you think torrents. But syncthing have rendezvou helpers to facilitate connections without seeing any data.

            • Kid@sh.itjust.worksOPMEnglish
              5·
              6 months ago

              Not necessarily. Torrent is a way to find a peer for direct connection or via a relay (of course that is more than that). Syncthing, even using a relay server, requires some ports available for at least outbound connection (22000 TCP/UDP or whatever port the relay is using). This should not be possible in a medium security network, let alone a defense network. I don’t know if syncthing works without a direct connection (to the peer or relay, something like transport via http proxy).