{"id":5494,"date":"2023-02-01T11:44:20","date_gmt":"2023-02-01T08:44:20","guid":{"rendered":"https:\/\/sakarya.news\/?p=5494"},"modified":"2023-02-01T11:44:22","modified_gmt":"2023-02-01T08:44:22","slug":"devlet-destekli-siber-saldirilar-hiz-kesmiyor","status":"publish","type":"post","link":"https:\/\/haber.kocaalibilisim.com\/index.php\/2023\/02\/01\/devlet-destekli-siber-saldirilar-hiz-kesmiyor\/","title":{"rendered":"State-sponsored cyberattacks show no sign of slowing down"},"content":{"rendered":"\n<p><strong>ESET Research has published its APT (advanced persistent threat) Activity Report for the period September-December 2022.<\/strong><\/p>\n\n\n\n<p>According to the report prepared by ESET researchers, Russia-linked APT groups continued during this period to take part in operations targeting Ukraine in particular, using destructive wipers and ransomware. Goblin Panda, a China-linked group, began to copy Mustang Panda&#8217;s interest in European countries. Iran-linked groups are also operating at a high level of activity. Along with Sandworm, other Russian APT groups such as Callisto and Gamaredon continued their phishing attacks targeting Eastern European citizens.<\/p>\n\n\n\n<p><strong>The key points of the ESET APT Activity Report are as follows:<\/strong><\/p>\n\n\n\n<p>ESET detected that the notorious Sandworm group used a previously unknown wiper against an energy sector company in Ukraine. 
The operations of APT groups are generally carried out by state or state-sponsored actors. The attack in question took place in the same period in which the Russian armed forces launched missile strikes targeting energy infrastructure in October. Although ESET cannot prove coordination between these attacks, it assesses that Sandworm and the Russian military share the same objective.<\/p>\n\n\n\n<p>ESET gave the name NikoWiper to the newest of a series of previously discovered wipers. This software was used in October 2022 against a company operating in the energy sector in Ukraine. NikoWiper is based on SDelete, a Microsoft command-line utility used to securely delete files. In addition to data-wiping malware, ESET discovered Sandworm attacks that use ransomware as a wiper. Although ransomware is used in these attacks, the real aim is the destruction of data. Unlike typical ransomware attacks, the Sandworm operators do not provide a decryption key.<\/p>\n\n\n\n<p>In October 2022, ESET detected the Prestige ransomware being used against logistics companies in Ukraine and Poland. 
In November 2022, a new ransomware written in .NET, named RansomBoggs, was discovered in Ukraine. ESET Research reported this campaign publicly on its Twitter account. Along with Sandworm, other Russian APT groups such as Callisto and Gamaredon continued their Ukraine-targeted phishing attacks to steal credentials and plant implants.<\/p>\n\n\n\n<p>ESET researchers also detected a MirrorFace spearphishing attack targeting politicians in Japan, and noticed a phase shift in the targeting of some China-linked groups: Goblin Panda began to copy Mustang Panda&#8217;s interest in European countries. In November, ESET discovered a new Goblin Panda backdoor, which it named TurboSlate, at a government organization in the European Union. Mustang Panda also continued to target European organizations. 
In September, a Korplug loader used by Mustang Panda was detected at an organization in Switzerland&#8217;s energy and engineering sector.<\/p>\n\n\n\n<p>Iran-linked groups also continued their attacks: POLONIUM began targeting not only Israeli companies but also the foreign subsidiaries of those companies, and MuddyWater probably breached the security of an active security service provider. North Korea-linked groups used old vulnerabilities to break into cryptocurrency companies and exchanges in various parts of the world. Interestingly, Konni expanded the languages it uses in its decoy documents, adding English to its list; this may mean that it is not focusing on its usual Russian and South Korean targets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ESET Research has published its APT (advanced persistent threat) Activity Report for the period September-December 2022. According to the report prepared by ESET researchers, Russia-linked APT groups continued during this period to take part in operations targeting Ukraine in particular, using destructive wipers and ransomware. 
The copying of Mustang Panda&#8217;s interest in European countries by Goblin Panda, a China-linked group, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":5495,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[896,2121,2272],"class_list":["post-5494","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji","tag-eset","tag-sandworm","tag-siber-saldirilar"],"_links":{"self":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/5494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/comments?post=5494"}],"version-history":[{"count":1,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/5494\/revisions"}],"predecessor-version":[{"id":5496,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/5494\/revisions\/5496"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/media\/5495"}],"wp:attachment":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/media?parent=5494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/categories?post=5494"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/tags?post=5494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}