IEEE Spectrum报道指出，多款不同型号的宇树机器人BLE（蓝牙低功耗）Wi-Fi配置界面存在严重漏洞，攻击者可仅凭BLE接口绕过验证，直接获取root权限，被攻陷的机器人之间还会自动扩散感染，形成机器人僵尸网络式攻击。宇树方面回应称，已立即着手解决这些问题，目前已完成了大部分的修复工作。“我们将继续改进权限管理，以尽量减少任何潜在的误解（网上有很多夸大其词的谣言）。” ...

Investment Rating - The report does not explicitly provide an investment rating for the industry Core Insights - The report highlights the active APT organizations such as Lazarus, APT28, Andariel, Donot, OceanLotus, and Sticky Werewolf, with Lazarus being the most frequently recorded [7] - A total of 196,120 organizations/individuals' websites were found to have dark chain implants, with new dark chain data of 21,407 sites detected this month [13][20] - The report indicates that the majority of ransomware attacks targeted government, information technology, services, electronics, and financial sectors [10][20] - Vulnerability data shows that the most common types of vulnerabilities include cross-site scripting (XSS), cross-site request forgery (CSRF), and unauthorized access [16][21] - The black and gray industry data indicates that service provision accounts for 82% of new black market websites, while pornographic content accounts for 9% [22] Summary by Sections APT Threat Intelligence - The report provides a comprehensive overview of APT threat intelligence, analyzing advanced threat attacks and cybercriminal activities throughout 2024 [6] - Active APT organizations and their targeted sectors are discussed, emphasizing the need for vigilance and enhanced cybersecurity measures [6][7] Ransomware Threat Intelligence - Ransomware incidents are reported across various sectors, with a focus on the impact on government and technology industries [10][20] Dark Chain Intelligence - The report details the prevalence of dark chain implants across numerous websites, highlighting the significant increase in newly detected cases [13][20] Vulnerability Intelligence - A thorough analysis of vulnerability data from 2024 is presented, identifying key trends and potential risk points in network security [15][16] Black and Gray Industry Intelligence - The report monitors various forms of cybercrime, with a significant focus on phishing, fraud, and gambling activities [18][22]