this post was submitted on 08 Jun 2024
130 points (85.3% liked)

Technology

59377 readers
4179 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
all 28 comments
sorted by: hot top controversial new old
[–] spaghettiwestern@sh.itjust.works 102 points 5 months ago (3 children)

Correct me if I'm wrong, but this doesn't look like this has anything to do with Syncthing vulnerabilities. Instead it looks like a hack that uses a preconfigured Syncthing installation to transfer sensitive data. Disturbing nonetheless.

[–] just_another_person@lemmy.world 74 points 5 months ago (2 children)

It's a Phishing scam using a tool. It's no more exploiting SyncThing than TCP/IP.

[–] Holzkohlen@feddit.de 12 points 5 months ago (1 children)

Bet they also utilize electricity these bastards! What's next? Physics? Oh the humanity!

[–] laurelraven@lemmy.blahaj.zone 3 points 5 months ago (1 children)

Its physics all the way down

[–] Venator@lemmy.nz 3 points 5 months ago (1 children)
[–] Venator@lemmy.nz 1 points 5 months ago* (last edited 5 months ago)
[–] blackbarn@lemm.ee 10 points 5 months ago

Just like using a remote desktop tool in a scam I suppose

[–] treadful@lemmy.zip 5 points 5 months ago (1 children)

Looks like a specially modified SyncThing was just used for exfil.

[–] Deebster@programming.dev 18 points 5 months ago

The article uses the word modified, but it sounds like it's just talking about configuring it and using it as normal.

[–] vext01@lemmy.sdf.org 0 points 5 months ago
[–] Nobilmantis@feddit.it 79 points 5 months ago (1 children)

The attack begins with a phishing email sent to the target

Okay bro im not reading past this its 2024

[–] treadful@lemmy.zip 20 points 5 months ago (2 children)
[–] tgxn@lemmy.tgxn.net 6 points 5 months ago (2 children)

Your links do nothing! I'm invincible!

[–] Steamymoomilk@sh.itjust.works 8 points 5 months ago* (last edited 5 months ago)

1000016170

Best i can do is chineese bootleg subway surfers riddled with malware and ads.

[–] Cargon@lemmy.ml 7 points 5 months ago (1 children)

Gets drenched in liquid nitrogen

[–] todd_bonzalez@lemm.ee 4 points 5 months ago

Wow, that second one... 🤣

[–] olof@lemmy.ml 63 points 5 months ago (3 children)

Please dont link with a Google Amp link.

[–] can@sh.itjust.works 22 points 5 months ago (2 children)
[–] aodhsishaj@lemmy.world 8 points 5 months ago (1 children)
[–] queue@lemmy.blahaj.zone 9 points 5 months ago (1 children)
[–] olof@lemmy.ml 2 points 5 months ago
[–] queue@lemmy.blahaj.zone 6 points 5 months ago
[–] queue@lemmy.blahaj.zone 10 points 5 months ago

Sorry about that, on my mobile firefox it looked fine. Fucking google.

[–] autonomoususer@lemmy.world 12 points 5 months ago

They can't even type Syncthing right.

[–] sapient_cogbag@infosec.pub 5 points 5 months ago* (last edited 5 months ago)

It's a convenient file transfer/sync tool. Copying data has to happen somehow, I'm not surprised someone thought to use syncthing for that purpose >.<, since it can do that. But its not really different than any other tool here.

[–] Caboose12000@lemmy.world -2 points 5 months ago

This is upsetting