Thursday, 4 June 2015

Advanced Persistent Threats

The most dangerous malware that hackers produce is referred to as Advanced Persistent Threats (APT). Malware (computer "germs") is mostly code of the kind meant to spread widely, and it operates as stealthily as it can. Among the various kinds of malware, an APT is therefore the slowest-working type, and antivirus products are unable to detect it. On top of this, it can remain on the target machine for a long time.

APT malware also comes with a variety of tools. What makes it especially nasty is that when it meets something that could disrupt its operation, it can kill itself and then bring itself back to life. In November 2013 Ralph Langner published a report on his analysis of the APT malware Stuxnet. Although there is plenty to read about it on the Internet, we will try to describe a little of how Stuxnet worked, following the Cyber Kill Chain. Anyone who would like to read the report in English can find it here: http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf

For a time the US was wary of Iran's progress in uranium enrichment and greatly feared that Iran would really be able to build a full-fledged nuclear weapon. This is the main reason Stuxnet came into being. In June 2012 the security company VirusBlokAda discovered a new virus, Rootkit.Tmphider. Symantec later renamed it W32.Stuxnet to follow its own virus naming convention, and also indicated that it had actually been created around 2005. Stuxnet was built to attack industrial power plants and pipelines. At the same time, it was not designed to destroy everything: it targeted certain equipment configurations specifically, and its principal target was Iran's uranium enrichment facility.

In the reconnaissance phase, the attackers needed to know in detail the equipment used in Iran's nuclear programme. This required substantial research: they first had to learn about Iran's machinery and even its commercial dealings, and they also had to know in advance the machines and the OS (operating system) used at the uranium enrichment site. In addition, they needed to know all about the management under the facility. It is therefore not hard to guess that their research and development effort was far from small, and the weaponization phase probably took quite a long time as well.

Stuxnet was built so that it could spread via email and USB, and in some cases it was also planted covertly in electronic equipment at the uranium enrichment site. To attack its target, Stuxnet used four Microsoft Windows vulnerabilities, two of which had not even been patched yet. An attack that exploits a software flaw in this way is called a zero-day attack (exploit) in computer terminology. When someone finds a flaw in a piece of software, they report it to the software maker so that it can be fixed, and the period before the maker fixes it is called zero day. During this period the vulnerability often becomes known to a large part of the public, and malware authors take advantage of the window before the software maker fixes the vulnerability to attack people.

In addition, Stuxnet was also able to exploit vulnerabilities in SCADA software (the software most heavily used in industrial processes). It could speed up and slow down the operation of the uranium enrichment centrifuges, and once a machine is driven in this way it is bound to be damaged. When the impact of Stuxnet in Iran was reported, it was said that around 900 to 1000 centrifuges had been replaced.

A computer security firm in Belarus was called in and hired to fix computers that kept crashing and rebooting over and over, but nothing much came of it and the problem remained as before. What researchers later discovered was that the world's first digital weapon, a very dangerous piece of code, had been sitting on one of the systems all along. On November 29, 2010, the President of Iran stated publicly that there had been problems with the software used in various electronic parts at their uranium enrichment site. We can say that Stuxnet completed its job successfully. Viewed through the Cyber Kill Chain, Stuxnet had no separate Command and Control. It did not aim to change how the uranium enrichment centrifuges worked or to tamper with them cleverly; its main goal was destruction, and it truly succeeded.
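As an added illustration (not part of the original post or of Langner's report), a defender can watch each centrifuge drive's frequency independently of the control software and flag the kind of speed-up and slow-down described above. The telemetry format, drive names, nominal frequency and thresholds are all constructed for this example.

```python
import csv
import io
from statistics import median

# Constructed sample telemetry (not real plant data): time_s,drive_id,freq_hz
SAMPLE_LOG = """\
0,drive-A,1000
60,drive-A,1002
120,drive-A,999
180,drive-A,1340
240,drive-A,40
300,drive-A,1001
0,drive-B,1000
60,drive-B,1001
120,drive-B,998
180,drive-B,1003
"""

def parse_log(text):
    """Return {drive_id: [(time_s, freq_hz), ...]} with samples sorted by time."""
    drives = {}
    for row in csv.reader(io.StringIO(text)):
        if row:  # skip blank lines
            t, drive, freq = row
            drives.setdefault(drive, []).append((int(t), float(freq)))
    for samples in drives.values():
        samples.sort()
    return drives

def find_excursions(samples, tolerance=0.05, max_step_hz=50.0):
    """Flag readings outside the baseline band or jumping too fast between samples."""
    baseline = median(f for _, f in samples)  # robust to a few outlying readings
    low, high = baseline * (1 - tolerance), baseline * (1 + tolerance)
    alerts, prev = [], None
    for t, f in samples:
        if f > high:
            alerts.append((t, f, "overspeed"))
        elif f < low:
            alerts.append((t, f, "underspeed"))
        elif prev is not None and abs(f - prev) > max_step_hz:
            alerts.append((t, f, "abrupt-change"))  # e.g. sudden return to normal
        prev = f
    return alerts

def scan(text):
    """Run the excursion check for every drive found in the log text."""
    return {drive: find_excursions(s) for drive, s in parse_log(text).items()}
```

On the constructed log, `scan(SAMPLE_LOG)` reports an overspeed, an underspeed and an abrupt change for `drive-A` and nothing for `drive-B`.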