11月12日，黑客 “AgainstTheWest” 在 raidforums 论坛宣告自己侵略了阿里云的服务器并盗取了很多源码，盗取的源码以 5000 美元的价格打包售卖，支付方式为比特币或门罗币。
黑客“AgainstTheWest”（以下简称 ATW）是10月底咱们报导的网传 SonarQube 平台漏洞被利用，很多源码走漏事件中的进犯者，但此次进犯并未得到博世的任何回应，ATW 也只能草草了事，陆陆续续地在 raidforums 论坛发布一些偷来的源码材料。而11月11日，ATW 再放猛料，在 raidforums 论坛疯狂走漏从我国服务器盗取的源码，而这次的进犯目标涉及到国内的“ BAT 大厂”：阿里、字节和腾讯。
On November 12, the hacker “AgainstTheWest” announced on the raidforums forum that he had invaded Alibaba Cloud’s servers and stole a lot of source code. The stolen source code was packaged and sold at a price of $5,000, and the payment method was Bitcoin or Monero.
The hacker “AgainstTheWest” (hereinafter referred to as ATW) was the one we reported at the end of October that the vulnerability of the SonarQube platform was exploited, and many of the attackers in the incident of source code leakage, but this attack did not receive any response from Bosch, and ATW could only rashly Some stolen source materials have been released on raidforums one after another. And on November 11th, ATW once again announced that it frantically leaked the source code stolen from Chinese servers on the raidforums forum. The target of this attack involves the domestic “BAT manufacturers”: Ali, Byte and Tencent.
ATW leaked material timeline:
November 11th 12:40: Involving CN Ministry of Science and Technology Chinese Ministry Of Science And Technology | SRCs | 2021
November 12th 14:21: Involving Tencent Wenjiang project Chinese Tencent | Wenjiang SRCs | PHP & Vue | Backend & Frontend | 2021
7:00 pm on November 12th: Alibaba Cloud user data Alibaba Cloud / Aliyun | Premium User Database | 23K
November 13th at 08:21 PM: DingTalk Console Data DingTalk | Console SRCs | ATW |
November 12th at 08:54: Zhongtian Technology webAPI system Zhongtian Technology Submarine Co | Chinese Govt Contractor | SRCs | 2021
At 09:56 in the evening of November 12: WeChat User Message Sample WeChat User Message Sample | Weixin |
07:40 on the evening of November 14: Founder Electronics Beijing Founder Electronics Co | CI/CD-2 level platform SRCs | 2021 |
08:14 on the evening of November 14: Dipu Technology Deepexi | Chinese Intelligence Data Provider | SRCs | 2021
November 15th 11:00: ByteDance with a small amount of source code ByteDance | Small SRCs | 2021
November 15 12:00: Bohai Property Insurance Co., Ltd. Source Code Bohai Property Insurance Co Ltd | Platform SRCs | 2021
At 8 pm on November 15th, ATW announced that it would rest for a month.
I want to introduce here. There are two ways to post materials on raidforums forums. One is the buying and selling system. Sellers offer to look for attractive buyers. Buyers cannot preview the content of the materials before successful buying and selling; the other is the point check system, where users can spend money. 8 points to check the materials in the post. You can get a small amount of points by accumulating experience to advance. However, this process is too long. Generally, users buy from the forum store at a price of 15 euros -30 points. It costs RMB 29.234.
At present, none of the materials listed by AgainstTheWest in the trading system has been sold, so the authenticity of the leaked materials cannot be ascertained. Some buyers hoped that ATW could release more details about the materials, but they did not get a response.
However, some forum users who spent points to check the materials in the post have been deceived. They stated that these leaked files are scraps, and the materials collected from the *.aliyuncs.com domain name are not the source code of Alibaba Cloud at all. , The angry netizens quarreled directly in the posts, saying that ATW was simply cheating money, and posting these posts was for hype and wanting popularity.
There are also many friends in the forum imitating ATW’s “Opening picture, the content depends on the compilation.” For example, this brother claims that he has packaged all the materials of the entire 200 million companies in my country, and those who are interested are quick to contact. This post has exactly the same format as the post title of ATW, so it’s hard to say that it’s not in yin and yang:
But as for this “AgainstTheWest”, whether the files under the Alibaba Cloud domain name are full of files, or indeed invaded Alibaba Cloud and stolen very important source code, there is no clear conclusion yet. Open source my country will pay close attention to the follow-up. Developments.
- 11 月 11 日 12:40：涉及 CN 科技部 Chinese Ministry Of Science And Technology | SRCs | 2021
- 11 月 12 日 14:21：涉及腾讯温江项目 Chinese Tencent | Wenjiang SRCs | PHP & Vue | Backend & Frontend | 2021
- 11 月 12 日晚 7:00：阿里云用户数据 Alibaba Cloud / Aliyun | Premium User Database | 23K
- 11 月 13 日晚 08:21：钉钉控制台数据 DingTalk | Console SRCs | ATW |
- 11 月 12 日晚 08:54：中天科技 webAPI 系统 Zhongtian Technology Submarine Co | Chinese Govt Contractor | SRCs | 2021
- 11 月 12 日晚 09:56：微信用户音讯样本 WeChat User Message Sample | Weixin |
- 11 月 14 日晚 07:40：方正电子 Beijing Founder Electronics Co | CI/CD-2 level platform SRCs | 2021 |
- 11 月 14 日晚 08:14：滴普科技 Deepexi | Chinese Intelligence Data Provider | SRCs | 2021
- 11 月 15 日 11:00：字节跳动少量源码 ByteDance | Small SRCs | 2021
- 11 月 15 日 12:00：渤海保险有限公司源码 Bohai Property Insurance Co Ltd | Platform SRCs | 2021
- 11 月 15 日晚 8 点 ，ATW 宣告将休息一个月。
这儿要介绍一下， raidforums 论坛发帖发布材料的方式有两种，一种是买卖制，卖家报价寻找心动买家，成功买卖之前买家无法预览材料内容；另一种是积分检查制，用户能够花 8 点积分检查帖子顺便的材料，靠攒经历晋级能够获得少量积分，不过这个进程太漫长，一般用户都是从论坛商店以 15 欧元-30 积分的价格购买，也就是说，看一份材料要花费人民币 29.234 元。
目前，AgainstTheWest 挂在买卖制板块的材料一份都没卖出去，因此走漏的材料还无法查明真伪。部分买家希望 ATW 能发布更多材料的细节信息，但并未得到其回应。
但是，一些花了积分去检查帖子顺便的材料的论坛用户却直呼受骗，他们表明这些走漏的文件都是些边角料，从 *.aliyuncs.com 域名搜集下来的材料根本就不是阿里云的源代码，愤恨的网友直接在帖子里吵起来了，说 ATW 朴实在骗钱，发这些帖子都是为了炒作，想要热度。
论坛里也有许多朋友在模仿 ATW 的“开局一张图，内容全赖编”，