{"id":129651,"date":"2023-09-07T19:28:00","date_gmt":"2023-09-07T16:28:00","guid":{"rendered":"https:\/\/podiji.karpat.in.ua\/?p=129651"},"modified":"2023-09-07T16:39:11","modified_gmt":"2023-09-07T13:39:11","slug":"elloptak-a-microsoft-alairokulcsat","status":"publish","type":"post","link":"https:\/\/podiji.karpat.in.ua\/?p=129651&lang=hu","title":{"rendered":"Ellopt\u00e1k a Microsoft al\u00e1\u00edr\u00f3kulcs\u00e1t"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>A korm\u00e1nyzati e-mail fi\u00f3kok felt\u00f6r\u00e9s\u00e9hez haszn\u00e1lt al\u00e1\u00edr\u00f3kulcsot egy Windows \u00f6sszeoml\u00e1s ut\u00e1n siker\u00fclt ellopni, k\u00f6z\u00f6lte a c\u00e9g \u00e1tfog\u00f3 elemz\u00e9s ut\u00e1n.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A Microsoft felh\u0151szolg\u00e1ltat\u00e1s\u00e1nak hib\u00e1j\u00e1t kihaszn\u00e1lva siker\u00fclt hozz\u00e1f\u00e9rni\u00fck k\u00ednai hackereknek amerikai \u00e9s eur\u00f3pai korm\u00e1nyzati dokumentumokhoz, t\u00f6bbek k\u00f6zt alkalmazottak e-mail fi\u00f3kjaihoz \u2013 er\u0151s\u00edtette meg a t\u00e1mad\u00e1s t\u00e9ny\u00e9t a redmondi szoftver\u00f3ri\u00e1s m\u00e9g j\u00faliusban. A Storm\u20130558 n\u00e9ven eml\u00edtett kiberb\u0171n\u00f6z\u0151i csoport a becsl\u00e9sek szerint 25 szervezet e-mail-fi\u00f3kjait kompromitt\u00e1lta, k\u00f6zt\u00fck korm\u00e1nyzati szerveket, \u00e9s a szervezetekhez kapcsol\u00f3d\u00f3 \u00fcgyf\u00e9lfi\u00f3kokat. Az Egyes\u00fclt \u00c1llamok k\u00fcl\u00fcgyminiszt\u00e9riuma \u00e9s Kereskedelmi Miniszt\u00e9riuma nyilatkozatai szerint \u0151k is az \u00e9rintett \u00fcgyn\u00f6ks\u00e9gek k\u00f6z\u00e9 tartoznak.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/podiji.karpat.in.ua\/wp-content\/uploads\/2023\/09\/hekker-1024x576.jpg\" alt=\"\" class=\"wp-image-129652\" srcset=\"https:\/\/podiji.karpat.in.ua\/wp-content\/uploads\/2023\/09\/hekker-1024x576.jpg 1024w, https:\/\/podiji.karpat.in.ua\/wp-content\/uploads\/2023\/09\/hekker-300x169.jpg 300w, https:\/\/podiji.karpat.in.ua\/wp-content\/uploads\/2023\/09\/hekker-768x432.jpg 768w, https:\/\/podiji.karpat.in.ua\/wp-content\/uploads\/2023\/09\/hekker-1536x864.jpg 1536w, https:\/\/podiji.karpat.in.ua\/wp-content\/uploads\/2023\/09\/hekker.jpg 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">A c\u00e9g nemr\u00e9g fedte fel, hogy a hackerek az egyik m\u00e9rn\u00f6k v\u00e1llalati fi\u00f3kj\u00e1t t\u00f6rt\u00e9k fel, majd olyan elektronikus al\u00e1\u00edr\u00e1sra tettek szert, aminek birtok\u00e1ban hozz\u00e1f\u00e9rhettek az Azure \u00e9s az Exchange v\u00e9dett r\u00e9szeihez. A Microsoft-fi\u00f3k al\u00e1\u00edr\u00f3kulcs\u00e1val siker\u00fclt tokeneket hamis\u00edtani a Microsoft meger\u0151s\u00edtett Azure AD felh\u0151szolg\u00e1ltat\u00e1s\u00e1hoz. Arra azonban egy ideig nem k\u00f6z\u00f6ltek magyar\u00e1zatot, hogyan szerezt\u00e9k meg az elk\u00f6vet\u0151k a hiteles\u00edt\u0151 adatokat a Microsoft bels\u0151s h\u00e1l\u00f3zat\u00e1b\u00f3l.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Nem az EU, a f\u00e1jdalom hozza el a security szakm\u00e1k renesz\u00e1nsz\u00e1t Itt NIS2, az Eur\u00f3pai Uni\u00f3 kiberbiztons\u00e1gi direkt\u00edv\u00e1ja. A friss kraftie ad\u00e1sban arr\u00f3l besz\u00e9lgett\u00fcnk, vajon fel\u00e9rt\u00e9kel\u0151dik-e hat\u00e1s\u00e1ra a security szakma.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A redmondi c\u00e9g szerdai k\u00f6zl\u00e9se szerint az egyik m\u00e9rn\u00f6k v\u00e1llalati fi\u00f3kj\u00e1nak felt\u00f6r\u00e9se ut\u00e1n siker\u00fclt a Storm-0558-nak ellopnia a kulcsot, amivel csak olyan alkalmazott rendelkezhetett, aki \u00e1tesett el\u0151tte egy h\u00e1tt\u00e9rellen\u0151rz\u00e9sen, illetve a kulcsot is csak egy t\u00f6bbfaktoros biztons\u00e1ggal ell\u00e1tott speci\u00e1lis munka\u00e1llom\u00e1son lehetett haszn\u00e1lni. A dedik\u00e1lt k\u00f6rnyezetben a v\u00e9delem \u00e9rdek\u00e9ben az e-mailez\u00e9s \u00e9s a k\u00fcls\u0151s kommunik\u00e1ci\u00f3 nem volt enged\u00e9lyezett, a k\u00f6rnyezet r\u00e1ad\u00e1sul elk\u00fcl\u00f6n\u00edtetten m\u0171k\u00f6d\u00f6tt a Microsoft h\u00e1l\u00f3zat\u00e1nak t\u00f6bbi r\u00e9sz\u00e9t\u0151l.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A szigor\u00fa biztos\u00edt\u00e9kok jelentette v\u00e9delem azonban hat\u00e1stalann\u00e1 v\u00e1lt 2021. \u00e1prilis\u00e1ban, amikor \u00f6sszeomlott a munka\u00e1llom\u00e1s, ekkor a Windows a mem\u00f3ri\u00e1ban t\u00e1rolt \u00f6sszes adatot lemezre \u00edrta, hogy a m\u00e9rn\u00f6k\u00f6k k\u00e9s\u0151bb egy debugging k\u00f6rnyezetben diagnosztiz\u00e1lhass\u00e1k az okokat. A kulcs azonban egy technikai hiba miatt k\u00f3dolatlanul benne maradt a ment\u00e9sben annak ellen\u00e9re, hogy az \u00e9rz\u00e9keny adatok \u00e9s al\u00e1\u00edr\u00f3 kulcsok jellemz\u0151en nem k\u00e9pezik a diagnosztik\u00e1hoz sz\u00fcks\u00e9ges ment\u00e9s r\u00e9sz\u00e9t.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><a href=\"https:\/\/www.hwsw.hu\/hirek\/66608\/microsoft-azure-alairokulcs-hack-feltores.html\">(hwsw.hu)<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A korm\u00e1nyzati e-mail fi\u00f3kok felt\u00f6r\u00e9s\u00e9hez haszn\u00e1lt al\u00e1\u00edr\u00f3kulcsot egy Windows \u00f6sszeoml\u00e1s ut\u00e1n siker\u00fclt ellopni, k\u00f6z\u00f6lte a c\u00e9g \u00e1tfog\u00f3 elemz\u00e9s ut\u00e1n.<\/p>\n","protected":false},"author":12,"featured_media":129652,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41,11,39],"tags":[48602,17546],"class_list":["post-129651","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cikkek","category-kiemelt-tema","category-vilag","tag-hackerek","tag-microsoft"],"_links":{"self":[{"href":"https:\/\/podiji.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/posts\/129651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/podiji.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/podiji.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/podiji.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/podiji.karpat.in.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=129651"}],"version-history":[{"count":1,"href":"https:\/\/podiji.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/posts\/129651\/revisions"}],"predecessor-version":[{"id":129656,"href":"https:\/\/podiji.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/posts\/129651\/revisions\/129656"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/podiji.karpat.in.ua\/index.php?rest_route=\/wp\/v2\/media\/129652"}],"wp:attachment":[{"href":"https:\/\/podiji.karpat.in.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=129651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/podiji.karpat.in.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=129651"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/podiji.karpat.in.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=129651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}