The Computer Emergency Response Team of Ukraine (CERT-UA) reports about a new campaign dubbed "SickSync," launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defense forces.
Honestly, I didn’t think about vulnerability in SyncThing when I read the article. But I wondered why defense forces would have p2p open on their networks.
Not necessarily. Torrent is a way to find a peer for direct connection or via a relay (of course that is more than that). Syncthing, even using a relay server, requires some ports available for at least outbound connection (22000 TCP/UDP or whatever port the relay is using). This should not be possible in a medium security network, let alone a defense network.
I don’t know if syncthing works without a direct connection (to the peer or relay, something like transport via http proxy).
Next article, “hackers abuse bash to list directory contents and write the output to a file.”
Honestly, I didn’t think about vulnerability in SyncThing when I read the article. But I wondered why defense forces would have p2p open on their networks.
When you say P2P you think torrents. But syncthing have rendezvou helpers to facilitate connections without seeing any data.
Not necessarily. Torrent is a way to find a peer for direct connection or via a relay (of course that is more than that). Syncthing, even using a relay server, requires some ports available for at least outbound connection (22000 TCP/UDP or whatever port the relay is using). This should not be possible in a medium security network, let alone a defense network. I don’t know if syncthing works without a direct connection (to the peer or relay, something like transport via http proxy).