<h1>“Jewelbug” espionage campaign spreads to Russia; Southeast Asia lies in the red zone</h1>
<p><i>infosec.new88088.net, published 2025-10-16, updated 2026-02-05</i></p>
<p><b>A hacking group believed to be linked to China, known as Jewelbug, quietly infiltrated the internal network of an IT service provider in Russia for five months, specifically from January to May 2025. The incident marks a notable expansion of Jewelbug into Russia, following its earlier string of attacks in Southeast Asia and South America.</b></p>
<p>Jewelbug accessed source code repositories and build systems, creating the risk of a supply chain attack against customers in Russia. Stolen data was exfiltrated to Yandex Cloud, while the group used legitimate tools such as Microsoft Console Debugger, Mimikatz and LSASS, together with BYOVD techniques, to stay hidden, maintain access and evade defenses.</p>
<blockquote>BYOVD is a technique that abuses legitimate but vulnerable drivers, allowing attackers to bypass operating system security and hide deep inside the system. It is an increasingly common attack trend in high-level cyber espionage campaigns such as Jewelbug, Lazarus and APT41.</blockquote>
<p><img src="https://whitehat.vn/attachments/1760605510542-png.17754/" alt="1760605510542.png" width="790" height="413" /></p>
<p>Specifically, Yandex Cloud is the cloud computing platform of Yandex, Russia's largest technology corporation (often described as “Russia's Google”). The service provides virtual servers, data storage, AI, containers, CaaS and managed data services, similar to AWS, Google Cloud or Microsoft Azure.</p>
<p>Experts believe Jewelbug has likely expanded its attacks into Southeast Asia, including Vietnam, without yet being detected. As in the Russian case, the campaign could run quietly for many months before being disclosed.</p>
<h3><b>Perspective from WhiteHat experts</b></h3>
<p>According to WhiteHat experts, the Jewelbug campaign shows that China-linked cyber espionage is expanding its global reach, even targeting close partners such as Russia. This warns of a present risk that Vietnam may lie in the red zone like other Southeast Asian countries, particularly in the information technology, telecommunications and e-government sectors.</p>
<p>The experts assess that the group operates with sophistication, exploiting legitimate tools and cloud services to hide, maintain long-term access and evade defenses. Organizations in Vietnam should therefore strengthen monitoring of cloud and API traffic, audit the security of their software supply chain, and deploy EDR/XDR solutions and anomalous-behavior analytics to detect early signs of potential intrusion.</p>
<div style="text-align: right"><b><i>Source: The Hacker News</i></b></div>
<div style="text-align: right"><i>Source: <a href="https://whitehat.vn/threads/chien-dich-gian-diep-jewelbug-lan-sang-nga-dong-nam-a-nam-trong-vung-do.18842/" target="_blank" rel="noopener noreferrer">https://whitehat.vn/threads/chien-dich-gian-diep-jewelbug-lan-sang-nga-dong-nam-a-nam-trong-vung-do.18842/</a></i></div>