微软明确指出这次攻击是由Volt Typhoon，一家总部设在中国的有中国国家支持的参与者实施

[CanGuanGong]

The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering.

Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

Source:
https://www.microsoft.com/en-us/securit ... echniques/

美帝国防部联合声明：
https://media.defense.gov/2023/May/24/2 ... e_Land.PDF

[mass]

用的都是windows自带的工具，这样就能hack，windows太渣咯。

[CanGuanGong]

用的都是windows自带的工具，这样就能hack，windows太渣咯。

下这个结论前，你看了嘛？攻击还是有技术含量的：
The initial attack vector is the compromise of Internet-exposed Fortinet FortiGuard devices by exploiting an unknown zero-day vulnerability

[mass]

下这个结论前，你看了嘛？攻击还是有技术含量的：
The initial attack vector is the compromise of Internet-exposed Fortinet FortiGuard devices by exploiting an unknown zero-day vulnerability

“This command does not require administrative credentials to return results. ”

“By default, WMI Tracing is not enabled”

“Although the ntds.dit file is locked while in use by AD, a copy can be made by creating a Volume Shadow Copy”

看明白了吗，windows admin工具随便run，存密码的文件随便copy，这安全就是渣啊。

[CanGuanGong]

“This command does not require administrative credentials to return results. ”

“By default, WMI Tracing is not enabled”

“Although the ntds.dit file is locked while in use by AD, a copy can be made by creating a Volume Shadow Copy”

看明白了吗，windows admin工具随便run，存密码的文件随便copy，这安全就是渣啊。

前面睡说用的都是微软自带工具？