{"id":2474,"date":"2022-12-08T11:09:01","date_gmt":"2022-12-08T08:09:01","guid":{"rendered":"https:\/\/sakarya.news\/?p=2474"},"modified":"2022-12-08T11:09:42","modified_gmt":"2022-12-08T08:09:42","slug":"yetenekleri-sira-disi-uygulamalari-yasa-disi","status":"publish","type":"post","link":"https:\/\/haber.kocaalibilisim.com\/index.php\/2022\/12\/08\/yetenekleri-sira-disi-uygulamalari-yasa-disi\/","title":{"rendered":"Its capabilities are extraordinary, its practices illegal"},"content":{"rendered":"\n<p>North Korea-linked group communicates via Google Drive and steals files of interest<\/p>\n\n\n\n<p>ESET researchers have analyzed a sophisticated, previously unreported backdoor used by the ScarCruft APT group.<\/p>\n\n\n\n<p>The backdoor, which ESET has named Dolphin, has a wide range of spying capabilities, including monitoring drives and many portable devices, exfiltrating files of interest, keylogging, taking screenshots, and stealing credentials from browsers. Dolphin abuses cloud storage services, specifically Google Drive, for command-and-control communication.<\/p>\n\n\n\n<p>ScarCruft, also known as APT37 or Reaper, is an espionage group that has been active since 2012. Its primary target is South Korea, but other Asian countries are also among its targets. 
ScarCruft is mainly interested in government and military organizations and in companies in various sectors linked to North Korea's interests.<\/p>\n\n\n\n<p>ESET researcher Filip Jur\u010dacko, who analyzed the Dolphin backdoor, said: \u201cAfter being deployed on selected targets, the backdoor searches the drives of compromised systems for interesting files and exfiltrates the files it finds to Google Drive. Earlier versions of this backdoor have an unusual capability that modifies the settings of victims' Google and Gmail accounts to lower their security, thereby presumably allowing the threat actors to maintain access to the Gmail accounts.\u201d The Dolphin backdoor collects basic information about the targeted machine, including the operating system version, the malware version, the list of installed security products, the user name and the computer name. By default, Dolphin searches all fixed (HDD) and non-fixed drives (USBs), creates directory listings, and exfiltrates files by extension. Dolphin also searches portable devices, such as smartphones, via the Windows Portable Device API. 
In addition to stealing credentials from browsers, the backdoor is capable of keylogging and taking screenshots.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>North Korea-linked group communicates via Google Drive and steals files of interest. ESET researchers have analyzed a sophisticated, previously unreported backdoor used by the ScarCruft APT group. The backdoor, which ESET has named Dolphin, has a wide range of spying capabilities, including monitoring drives and many portable devices, exfiltrating files of interest, keylogging, taking screenshots, and browser credential [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2475,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[1050,2178,2300],"class_list":["post-2474","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji","tag-google-drive","tag-scarcruft-apt","tag-sira-disi-uygulama"],"_links":{"self":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/2474","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/comments?post=2474"}],"version-history":[{"count":2,"href":"https:\/\/haber.kocaalibilisim.com\/i
ndex.php\/wp-json\/wp\/v2\/posts\/2474\/revisions"}],"predecessor-version":[{"id":2477,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/2474\/revisions\/2477"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/media\/2475"}],"wp:attachment":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/media?parent=2474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/categories?post=2474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/tags?post=2474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}