<h1>The world rocked by PXA Stealer malware; suspected link to Vietnamese hackers?</h1>
<p>Published 2025-08-06 (updated 2025-08-15) at <a href="https://antoanthongtinhaiphong.gov.vn/the-gioi-chao-dao-vi-ma-doc-pxa-stealer-nghi-van-lien-quan-den-tin-tac-viet-nam/">antoanthongtinhaiphong.gov.vn</a>. Categories: warnings and recommendations, featured news.</p>
<p><b>International cybersecurity experts are sounding the alarm about a new, global-scale malware distribution campaign. The malware, named PXA Stealer and written in Python, is being used to steal sensitive user information such as passwords, credit card data and browser cookies. Notably, several early technical indicators suggest that the group behind it may be Vietnamese-speaking actors, although this link is still under investigation.</b></p>
<p>According to a joint report from the two cybersecurity companies Beazley Security and SentinelOne, campaigns using the PXA Stealer malware have compromised more than 4,000 IP addresses in 62 countries, including the United States, South Korea, the Netherlands, Hungary and Austria. In total, the attackers have stolen more than 200,000 passwords, hundreds of credit card records and more than 4 million browser cookies.</p>
<p><img loading="lazy" decoding="async" src="https://whitehat.vn/attachments/1754365867212-png.17432/" alt="1754365867212.png" width="728" height="380" /></p>
<p>PXA Stealer is assessed as highly evasive: it uses anti-analysis techniques and disguises itself with decoy documents (such as copyright infringement notices) to deceive users. The malware can also extract data from:</p>
<ul>
<li>Web browsers (including passwords, autofill data and cookies)</li>
<li>Cryptocurrency wallets</li>
<li>VPN applications</li>
<li>Cloud command-line (CLI) management tools</li>
<li>Files shared on the local network</li>
<li>Applications such as Discord</li>
</ul>
<p>Worryingly, the stolen data is sent to private Telegram channels and then automatically offered for sale on underground platforms such as Sherlock, where other cybercriminals can buy it to commit fraud, steal cryptocurrency or break into organizations and businesses.</p>
<p>PXA Stealer was first detected in November 2024, when it targeted government and education organizations in Europe and Asia. Since then, the malware distribution campaign has evolved in both tactics and level of organization. The attackers use DLL side-loading, that is, running malicious code through tampered copies of legitimate library files in order to evade detection.</p>
<p>The Telegram channels used in the campaign act as a "relay station" where the stolen data is stored and status updates are delivered to the attackers. Those behind the malware show signs of organized operation, using Telegram as a "black market" for trading victim information.</p>
<p>PXA Stealer is evidence that malware is becoming ever more sophisticated, professional and organized. In particular, given the suspected involvement of Vietnamese-speaking hacker groups, this campaign shows that domestic cybercriminals are gradually taking part in global-scale operations. Individual users and businesses in Vietnam should raise their vigilance, keep antivirus software up to date, avoid opening suspicious attachments and use two-factor authentication (2FA) to protect their accounts.</p>
<p>From the perspective of Bkav's malware research team, although the techniques used are not new, system security specialists should take note of the following:</p>
<ol>
<li>Strengthen monitoring of abnormal behaviour on systems, paying particular attention to:
<ul>
<li>Connections to the Telegram platform (often abused as a C2 control channel).</li>
<li>DLL side-loading behaviour, a technique often used to load malware without being detected.</li>
</ul>
</li>
<li>Organize user training to raise information security awareness, focusing on:
<ul>
<li>Recognizing and being wary of emails carrying ZIP attachments or malicious scripts.</li>
<li>Practising the handling of suspected phishing or malware distribution incidents via email.</li>
</ul>
</li>
<li>Update IOCs (Indicators of Compromise) and detection rules on monitoring systems such as SIEM and EDR to ensure early detection of threats.</li>
<li>Conduct technical exercises that simulate real attack chains to test and improve the incident response capability of the technical team.</li>
</ol>
<div style="text-align: right;"><b><i>Source: The Hacker News, WhiteHat</i></b></div>