EPS - "an unprecedented hacker attack, of the crypto type" - milos_rs - 12-18-2023
Allegedly DDoS? Or did they just break something themselves? Or did people rush in to see the new bills and knock over their servers?
I couldn't find any announcement anywhere, only comments on Twitter https://twitter.com/search?q=eps+portal&f=live
and on Reddit https://www.reddit.com/r/programiranje/comments/18lc9an/koja_kompanija_stoji_iza_eps_uvida_u_ra%C4%8Dune/
IP: 5.183.24.60
RE: portal.eps.rs has been down all day - Jana - 12-19-2023
They had a hacker (ransomware) attack; they claim all data is safe.
Link: https://n1info.rs/biznis/hakerski-napad-na-eps-iz-preduzeca-kazu-da-su-sistem-i-podaci-bezbedni/
Quote: "Elektroprivreda Srbije" announced that it is recovering from an unprecedented hacker attack of the crypto type.
According to the public enterprise, the attack did not in any way jeopardize production or the supply of electricity, and all electricity trading activities proceeded without disruption, with all assumed obligations honored.
"All protective measures have been taken to preserve the system and protect the security of data. For security reasons, the IT systems have been taken offline until ICT experts are completely certain that the virus has been eliminated. We appeal to users of the Uvid u račun (bill overview) portal for patience, since the protective measures taken have hampered the portal's operation," EPS stated.
They say the competent state authorities have been notified of the hacker attack and are taking measures within their jurisdiction.
EPS points out that it is not an exception, since Holding Slovenske elektrane, the Slovenian power utility, recently found itself in a similar situation.
RE: portal.eps.rs has been down all day - 1van - 12-19-2023
Could it be because of this: https://bezbedanbalkan.net/thread-1032-post-2866.html#pid2866 ?
Quote: To sum up, we now have details from three different sources (screenshots of employees' mail inboxes and honeypot detections, knowledge of internal EPS domains from stealer logs and password dumps) about the compromise of EPS.
RE: portal.eps.rs has been down all day - 1van - 12-19-2023
Given that we don't know what was compromised, I'll leave these IPs here in case we come across an overlap somewhere.
Source: SecurityTrails + DIG A.
RE: portal.eps.rs has been down all day - 1van - 12-19-2023
Could the "crypto" type actually be this one: trojan-ransom.win32.Crypmod.gen ?
Source: https://cybermap.kaspersky.com/stats#country=203&type=MAV&period=w
RE: portal.eps.rs has been down all day - 1van - 12-19-2023
We have received unverified information that it is Qilin (Agenda) ransomware.
Code: Ransom Demanding Message:
[random_string]-RECOVER-README.txt
Detection Names:
Avast: Win64:Trojan-gen
Sophos: Mal/Generic-S
Emsisoft: Trojan.Ransom.Babuk.F (B)
Kaspersky: Trojan.Win32.DelShad.ivd
Malwarebytes: Generic.Malware/Suspicious
Microsoft: Ransom:Win32/Babuk.SIB!MTB
RE: portal.eps.rs has been down all day - milos_rs - 12-19-2023
Qilin also did Gigatron https://bezbedanbalkan.net/thread-459.html
A little about Qilin:
Quote: Qilin targets its victims by sending phishing emails that contain malicious links to gain access to their network and exfiltrate sensitive data. As soon as Qilin completes initial access, they commonly circulate laterally across the victim's infrastructure, attempting to find crucial statistics to encrypt. After encrypting the data, Qilin leaves a ransom note, "Your network/system was encrypted, and the encrypted file has a new file extension", and asks for the ransom to be paid for the decryption key.
Qilin's targets are primarily critical-sector companies.
RE: portal.eps.rs has been down all day - milos_rs - 12-20-2023
the plot thickens...
A warning to employees of a large foreign company in Serbia about malicious emails purportedly from EPS
RE: portal.eps.rs has been down all day - 1van - 12-20-2023
Who sent this message?
RE: portal.eps.rs has been down all day - y0d4 - 12-20-2023
what state is the grid infrastructure in, if their IT has problems like these... I see some company called Nites does work for them, does anyone know their solutions?
https://nites.eu/
https://www.tanjug.rs/ekonomija/srbija/31999/pametne-elektoenergetske-mreze-znacajne-za-sistem-i-potrosace/vest
https://energijabalkana.net/ubrzano-do-pametnog-merenja-potrosnje-elektricne-energije-u-srbiji/
and a bit "off topic": has anyone tested these wifi ("smart") meters?
as far as I've followed in the countries where they've been around for a while, numerous vulns exist... :/