{"id":46524,"date":"2025-08-12T09:14:47","date_gmt":"2025-08-12T02:14:47","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=46524"},"modified":"2025-08-15T09:16:09","modified_gmt":"2025-08-15T02:16:09","slug":"boi-thuc-an-ninh-mang-thang-7-nguoi-dung-kiet-suc-khi-phai-doi-pho","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/boi-thuc-an-ninh-mang-thang-7-nguoi-dung-kiet-suc-khi-phai-doi-pho\/","title":{"rendered":"Cybersecurity overload in July: users exhausted from having to cope"},"content":{"rendered":"<p><b>July 2025 saw an alarming series of cybersecurity events: from extremely severe vulnerabilities in major platforms and products to sophisticated malware campaigns and constantly evolving ransomware. 
In particular, users in Southeast Asia and Vietnam were targeted with many personalized attack methods, leaving both users and organizations exhausted.<\/b><\/p>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1754983437376.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1754983437376-png.17461\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"1754983437376.png\" src=\"https:\/\/whitehat.vn\/attachments\/1754983437376-png.17461\/\" alt=\"1754983437376.png\" width=\"700\" height=\"390\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<h2>Vulnerabilities with CVSS scores of 9 &#8211; 10<\/h2>\n<p>Exploitation of these vulnerabilities concentrated on two main directions: direct attacks on large enterprise infrastructure (SharePoint, Cisco, Fortinet, SAP, Apache\u2026) and attacks on end users (Chrome V8, WordPress, Android). Almost all of the vulnerabilities allow remote code execution (RCE) or authentication bypass, and are easily combined with malware to deploy ransomware, RATs or backdoors. 
Worryingly, many of the vulnerabilities have been exploited in the wild, underscoring the urgency of applying patches and strengthening defenses.<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">The ToolShell vulnerability chain CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, CVE-2025-53771 in Microsoft SharePoint Server, with a highest CVSS score of 9.8. This is a deserialization-of-untrusted-data vulnerability combined with an authentication bypass, allowing remote code execution (RCE). Without needing an account, an attacker can plant a webshell, steal the MachineKey, escalate privileges and take control of the entire SharePoint system.<\/li>\n<li data-xf-list-type=\"ul\">Vulnerability CVE-2025-20309 in Cisco Unified Communications Manager (Unified CM\/SME), with a CVSS score of 10.0. This is a static account vulnerability with root privileges that allows direct login, arbitrary command execution, eavesdropping on calls and changes to the authentication mechanism.<\/li>\n<li data-xf-list-type=\"ul\">Vulnerabilities CVE-2025-20337, CVE-2025-20281, CVE-2025-20282 in Cisco Identity Services Engine (ISE\/ISE-PIC), with a CVSS score of 10.0. 
This is an unauthenticated RCE vulnerability with file-overwrite capability, allowing attackers to install malware or take over the entire network access management system.<\/li>\n<li data-xf-list-type=\"ul\">Vulnerability CVE-2025-34067 in Hikvision applyCT (HikCentral), with a CVSS score of 10.0. This is an insecure deserialization vulnerability that allows unauthenticated RCE and, from there, takeover of surveillance and physical security systems.<\/li>\n<li data-xf-list-type=\"ul\">Vulnerabilities CVE-2025-24813, CVE-2025-27636, CVE-2025-29891 in Apache Tomcat &amp; Apache Camel, with a CVSS score of 9.8. These are RCE vulnerabilities exploited via partial PUT (Tomcat) and header injection (Camel), allowing attackers to control the web server and backend.<\/li>\n<li data-xf-list-type=\"ul\">Vulnerability CVE-2025-25227 in FortiWeb. This is a SQL injection vulnerability via the HTTP Authorization header, allowing unauthenticated remote code execution and control of the WAF server.<\/li>\n<li data-xf-list-type=\"ul\">Vulnerability CVE-2025-5419 in Chrome\/Chromium (V8). This is an out-of-bounds read\/write vulnerability in V8 that allows remote code execution when a user visits a malicious web page; it is being exploited as a 0-day.<\/li>\n<li data-xf-list-type=\"ul\">Vulnerability CVE-2025-31324 in SAP NetWeaver, with a CVSS score of 9.8. 
This is an unauthenticated file upload vulnerability that allows RCE and installation of a backdoor in the ERP system.<\/li>\n<\/ul>\n<h2>Malware and sophisticated variants<\/h2>\n<p><b>Next-generation ransomware and RATs<\/b><\/p>\n<ul>\n<li data-xf-list-type=\"ul\">DragonForce RaaS &amp; the DEVMAN variant: Provides a customizable toolkit to affiliates and attacks many industries. DEVMAN encrypts notes, renames files, operates offline, targets local\/network files, and has its own leak site (40+ victims in Asia and Africa).<\/li>\n<li data-xf-list-type=\"ul\">Remcos RAT: Spread via phishing using .pif files, bypasses UAC, uses script obfuscation, adds Windows Defender exclusions.<\/li>\n<li data-xf-list-type=\"ul\">XWorm: Multi-function RAT, evades AMSI\/ETW detection, injects shellcode, persists via registry\/task scheduler.<\/li>\n<li data-xf-list-type=\"ul\">AsyncRAT\/DcRat\/VenomRAT: Upgraded modules, strong encryption, new plugins such as Screamers &amp; USB Spreaders.<\/li>\n<li data-xf-list-type=\"ul\">Interlock RAT (NodeSnake): Spread via fake CAPTCHA web pages, uses Cloudflare Tunnel to hide C2.<\/li>\n<\/ul>\n<p><b>Stealers and specialized malware<\/b><\/p>\n<ul>\n<li data-xf-list-type=\"ul\">Lumma, Raven Stealer, DeerStealer, Fickle Stealer, ACRStealer\/AmateraStealer: Steal browser data, e-wallets and sensitive documents; spread via phishing, a Steam game (<i>Chemia<\/i>) and .lnk shortcuts.<\/li>\n<li data-xf-list-type=\"ul\">RedHook (Android): Impersonates Vietnamese government organizations, requests Accessibility &amp; Overlay permissions, remotely controls the device with 34 commands.<\/li>\n<li data-xf-list-type=\"ul\">HazyBeacon: DLL side-loading, abuses AWS Lambda\/Google Drive to exfiltrate data.<\/li>\n<\/ul>\n<h2>Dangerous cyberattacks<\/h2>\n<p><b>Platform and supply-chain abuse<\/b><\/p>\n<ul>\n<li data-xf-list-type=\"ul\">RedDirection: 18 Chrome\/Edge extensions turned into trojans, 2.3 million users affected.<\/li>\n<li data-xf-list-type=\"ul\">GitHub payload hosting: Uses fake repos hosting Amadey and SmokeLoader to evade web filtering.<\/li>\n<li data-xf-list-type=\"ul\">Trojan ZuRu: Implanted in a legitimate application (Termius) on macOS via SEO poisoning.<\/li>\n<li data-xf-list-type=\"ul\">Oyster backdoor: Impersonates PuTTY and KeePass, installs a malicious DLL, persists via a scheduled task.<\/li>\n<\/ul>\n<p><b>Campaigns with special techniques<\/b><\/p>\n<ul>\n<li data-xf-list-type=\"ul\">TapTrap (Android): Exploits system animations to bypass defenses.<\/li>\n<li data-xf-list-type=\"ul\">ClickFix: Exploits a Windows 11 vulnerability to deploy Rhadamanthys.<\/li>\n<li data-xf-list-type=\"ul\">GhostContainer: Targets Microsoft Exchange, exploits CVE-2020-0688, maintains a backdoor without needing a direct C2 connection.<\/li>\n<li data-xf-list-type=\"ul\">Scanception: PDFs containing QR codes that lead to Adversary-in-the-Middle phishing.<\/li>\n<li data-xf-list-type=\"ul\">ClickFake Interview (Lazarus): Tricks victims into downloading a \u201cwebcam driver\u201d containing the cross-platform GolangGhost RAT.<\/li>\n<\/ul>\n<p>July 2025 closes for now with a gloomy and worrying cybersecurity picture; will August be any better? Severe vulnerabilities were exploited one after another, malware and ransomware grew ever more sophisticated, and targeted attack campaigns were aimed at users in Vietnam and Southeast Asia. To counter this wave, users need to apply patches immediately, strengthen defenses and share information; otherwise, you will be \u201ctired\u201d for a long time to come.<\/p>\n<div style=\"text-align: right;\"><b><i>WhiteHat<\/i><\/b><\/div>\n","protected":false},"excerpt":{"rendered":"<p>July 2025 saw an alarming series of cybersecurity events: from extremely severe vulnerabilities in major platforms and products to sophisticated malware campaigns and constantly evolving ransomware. 
In particular, users in Southeast Asia and Vietnam were [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":46525,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[4,24,35],"tags":[],"class_list":["post-46524","post","type-post","status-publish","format-standard","has-post-thumbnail","category-kien-thuc-an-toan-thong-tin","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46524","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=46524"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46524\/revisions"}],"predecessor-version":[{"id":46526,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46524\/revisions\/46526"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/46525"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=46524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=46524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=46524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}