APT-C-26(Lazarus 音译”拉撒路”)是从2009年以来至今一直处于活跃的APT组织,据国外安全公司调查显示,该组织最早的攻击可能和2007年针对韩国政府网站大规模DDOS攻击的“Operation Flame”行动相关,同时可能是2014 年索尼影业遭黑客攻击事件,2016 年孟加拉国银行数据泄露事件和2017年席卷全球的“Wannacry”勒索病毒等著名攻击事件的幕后组织。2017年以来,该组织将攻击目标不断扩大,日趋以经济利益为目的,从针对全球的传统金融机构银行系统进行攻击,开始转向于针对全球加密货币组织和相关机构以及个人进行攻击。
APT-C-26 is an APT group that has been active since 2009. According to the research by an overseas security vendor, the group’s earliest attack may be associated with the “Operation Flame” which was a large-scale DDOS attack on Korean government’s website in 2007. Lazarus may also be the group behind the hacking incident of Sony Pictures in 2014, the data breach of the Bank of Bangladesh in 2016 and other infamous attacks such as the “Wannacry” ransomware that swept across the globe in 2017. Since 2017, the group has been expanding its targets of attack and increasingly aimed at economic interests. In earlier attacks, the group mainly targeted the banking system of traditional financial institutions. Now, it has begun to attack global cryptocurrency organizations and related individuals.
古河@360 Vulcan Team
asset是EOS官方头文件中提供的用来代表货币资产(如官方货币EOS或自己发布的其它货币单位)的一个结构体。在使用asset进行乘法运算(operator *=)时,由于官方代码的bug,导致其中的溢出检测无效化。造成的结果是,如果开发者在智能合约中使用了asset乘法运算,则存在发生溢出的风险。
Yuki Chen of Qihoo 360 Vulcan Team
The asset structure is defined in EOS’s system header file, it can be used to define the amount of some tokens (such as the official EOS token or some custom tokens defined by user). Recently we discovered a bug in asset’s multiplication operator(operator *=) which makes the integer overflow check in the function to have no effect. If a developer uses asset multiplication in his EOS smart contract, he may need to face the risk of integer overflow.
