Ä«½ºÆÛ½ºÅ°, ºÏÇÑ ¶óÀڷ罺(Lazarus) ÇØÅ· ±×·ì »çÀ̹ö °ø°Ý Æ÷Âø

Ä«½ºÆÛ½ºÅ°(Áö»çÀå ÀÌÈ¿Àº)´Â ¿À´Ã, ÀÚ»çÀÇ ±Û·Î¹ú ¸®¼­Ä¡ ¹× ºÐ¼®ÆÀ(GReAT: Global Research and Analysis Team)ÀÌ ¿öÅ͸µ Ȧ(Watering Hole, ±ÝÀ¶º¸¾È ÇÁ·Î±×·¥À» ÅëÇØ ¾Ç¼ºÄÚµå ¼³Ä¡) ¹æ½Ä°ú ¼­µåÆÄƼ ¼ÒÇÁÆ®¿þ¾î Ãë¾àÁ¡ ¾Ç¿ëÀ» °áÇÕÇÑ ¶óÀڷ罺 ±×·ìÀÇ °íµµÈ­µÈ »çÀ̹ö °ø°ÝÀ» »õ·Ó°Ô ¹ß°ßÇß´Ù°í ¹àÇû´Ù. ÀÌ °ø°ÝÀº Çѱ¹ ³» ´Ù¾çÇÑ Á¶Á÷À» Ç¥ÀûÀ¸·Î Çϸç, Á¶»ç Áß ±¹³»¿¡¼­ ³Î¸® »ç¿ëµÇ´Â À̳븯½º ¿¡ÀÌÀüÆ®(Innorix Agent, ÆÄÀÏ Àü¼Û ¼ÒÇÁÆ®¿þ¾î)¿¡¼­ Á¦·Îµ¥ÀÌ(Zero-day) Ãë¾àÁ¡ÀÌ ¹ß°ßµÇ¾ú°í, ÇØ´ç Ãë¾àÁ¡Àº Áï°¢ ÆÐÄ¡µÆ´Ù. ÀÌ ¼Ò½ÄÀº ½Ì°¡Æ÷¸£¿¡¼­ 4¿ù 23ÀϺÎÅÍ 25ÀϱîÁö 3ÀÏ°£ °³ÃֵǴ ITÇà»çÀÎ ÀÚÀÌÅؽº ¾Æ½Ã¾Æ(GITEX Asia)¿¡¼­ °ø°³µÇ¾úÀ¸¸ç, ¶óÀڷ罺 ±×·ìÀÌ Çѱ¹ ¼ÒÇÁÆ®¿þ¾î »ýÅ°迡 ´ëÇÑ ±íÀº ÀÌÇظ¦ ¹ÙÅÁÀ¸·Î ´Ù´Ü°è °íµµÈ­ »çÀ̹ö °ø°ÝÀ» ¼öÇàÇÒ ¼ö ÀÖÀ½À» º¸¿©ÁØ´Ù.

¶óÀڷ罺 ±×·ìÀº 2009³âÀ» ÀüÈÄÇØ È°µ¿À» ½ÃÀÛÇÑ, Àڱݰú Á¶Á÷·ÂÀÌ ÅºÅºÇÑ ¾Ç¸í ³ôÀº ÇØÅ· Á¶Á÷ÀÌ´Ù. À̹ø Ä·ÆäÀο¡¼­´Â À̳븯½º ¿¡ÀÌÀüÆ®(Innorix Agent)ÀÇ ¿øµ¥ÀÌ Ãë¾àÁ¡(One-day Vulnerability, ÇÏ·ç Â÷ÀÌ·Î °ø°³µÈ Ãë¾àÁ¡)À» ¾Ç¿ëÇÑ Á¤È²ÀÌ Æ÷ÂøµÆ´Ù. À̳븯½º ¿¡ÀÌÀüÆ®´Â ÇàÁ¤ ¹× ±ÝÀ¶ ½Ã½ºÅÛ ³» º¸¾È ÆÄÀÏ Àü¼ÛÀ» À§ÇØ »ç¿ëµÇ´Â ºê¶ó¿ìÀú ÅëÇÕÇü ¼­µåÆÄƼ µµ±¸´Ù. ÀÌ Ãë¾àÁ¡À» È°¿ëÇØ °ø°ÝÀÚ´Â Ãø¸é À̵¿(Lateral Movement)À» °¡´ÉÇÏ°Ô ÇÏ°í, Ãß°¡ ¾Ç¼ºÄÚµå ¼³Ä¡¸¦ ÁøÇàÇß´Ù. ÃÖÁ¾ÀûÀ¸·Î´Â ¶óÀڷ罺ÀÇ ´ëÇ¥ ¾Ç¼ºÄÚµåÀÎ ThreatNeedle°ú LPEClient°¡ ³»ºÎ ³×Æ®¿öÅ©¿¡ ¹èÆ÷µÇ¾î Àå¾Ç·ÂÀ» °­È­Çß´Ù. ÀÌ Ãë¾àÁ¡Àº ¾Æ°¡¸â³í(Agamemnon) ´Ù¿î·Î´õ¸¦ ÅëÇØ ÀüÆĵǾúÀ¸¸ç, À̳븯½ºÀÇ Ãë¾à ¹öÀüÀÎ (9.2.18.496)À» ´ë»óÀ¸·Î Çß´Ù.

Ä«½ºÆÛ½ºÅ° GReAT´Â ¾Ç¼ºÄÚµåÀÇ ÇàÀ§ ºÐ¼® Áß¿¡ ÀÓÀÇ ÆÄÀÏ ´Ù¿î·Îµå Á¦·Îµ¥ÀÌ Ãë¾àÁ¡(Arbitrary File Download Zero-day Vulnerability)À» Ãß°¡·Î ¹ß°ßÇßÀ¸¸ç, ÀÌ´Â ½ÇÁ¦ °ø°ÝÀÚ°¡ È°¿ëÇϱâ Àü¿¡ »çÀü ŽÁöµÈ °ÍÀÌ´Ù. Ä«½ºÆÛ½ºÅ°´Â ÇØ´ç ¹®Á¦¸¦ Çѱ¹ÀÎÅͳÝÁøÈï¿ø(KrCERT)°ú °ø±Þ»ç¿¡ ½Å°íÇÏ¿´À¸¸ç, ÇØ´ç ¼ÒÇÁÆ®¿þ¾î´Â ÆÐÄ¡ ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®µÇ¾ú´Ù. ÇØ´ç Ãë¾àÁ¡Àº KVE-2025-0014 ½Äº°ÀÚ·Î µî·ÏµÇ¾ú´Ù.