{"id":8174,"date":"2023-04-28T09:53:55","date_gmt":"2023-04-28T06:53:55","guid":{"rendered":"https:\/\/sakarya.news\/?p=8174"},"modified":"2023-04-28T09:53:57","modified_gmt":"2023-04-28T06:53:57","slug":"is-teklifinin-icinden-siber-saldiri-cikti","status":"publish","type":"post","link":"https:\/\/haber.kocaalibilisim.com\/index.php\/2023\/04\/28\/is-teklifinin-icinden-siber-saldiri-cikti\/","title":{"rendered":"A cyberattack was hiding inside a job offer"},"content":{"rendered":"\n<p>ESET researchers have discovered the campaign known as DreamJob, run by the North Korea-linked threat actor Lazarus. ESET Research linked the DreamJob campaign, in which Lazarus uses social engineering techniques with fake, attractive job offers aimed at Linux users to break into the computers of its targets, to the 3CX phone system supply-chain attack.<\/p>\n\n\n\n<p>ESET Research managed to reconstruct the full chain, from the ZIP file that delivers a fake HSBC job offer as a decoy to the final payload: the SimplexTea Linux backdoor, distributed through an OpenDrive cloud storage account. This is the first time this major North Korea-linked threat actor has used Linux malware as part of the operation. 
Similarities with this newly discovered Linux malware support the theory that the notorious North Korea-linked group is behind the 3CX supply-chain attack.<\/p>\n\n\n\n<p>ESET researcher Peter K\u00e1lnai, who investigates Lazarus activities, said: \u201cThis discovery provides compelling evidence that the recent 3CX supply-chain attack was in fact carried out by Lazarus. This was suspected from the very beginning and has been pointed out by many security researchers since then.\u201d<\/p>\n\n\n\n<p>3CX is an international VoIP software developer and distributor that provides phone system services to many organizations. According to its website, 3CX has more than 600,000 customers and 12 million users in various sectors, including aerospace, healthcare and hospitality. It provides client software for using its systems through a web browser, a mobile app or a desktop application. In late March 2023, it was discovered that the desktop application for both Windows and macOS contained malicious code that allowed a group of attackers to download and run arbitrary code on every machine where the application was installed. 
The compromised 3CX software was used in a supply-chain attack carried out by external threat actors to distribute additional malware to some 3CX customers.<\/p>\n\n\n\n<p>These malicious actors had planned the attacks long in advance, as early as December 2022. This indicates that they had gained a foothold in the 3CX network late last year. A few days before the attack was publicly disclosed, a mysterious Linux downloader was submitted to VirusTotal. This downloader downloads SimplexTea, a new Lazarus backdoor for Linux, and connects to the same command-and-control server as the payloads in the 3CX attack.<\/p>\n\n\n\n<p>K\u00e1lnai explains the situation as follows: \u201cThis compromised software, deployed across various IT infrastructures, allows any kind of payload to be downloaded and executed, which can have devastating effects. The stealthiness of a supply-chain attack makes this method of distributing malware very attractive to an attacker, and Lazarus has already used this technique before. Operation DreamJob is the name of a series of campaigns in which Lazarus uses social engineering techniques to break into the computers of its targets with fake, attractive job offers. 
On March 20, a user in the country of Georgia submitted a ZIP archive named HSBC job offer.pdf.zip to VirusTotal. Given the other DreamJob campaigns by Lazarus, this payload was probably distributed through spearphishing or direct messages on LinkedIn. The archive contains a single file: a native 64-bit Intel Linux binary written in Go and named HSBC job offer\u2024pdf.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ESET researchers have discovered the campaign known as DreamJob, run by the North Korea-linked threat actor Lazarus. ESET Research linked the DreamJob campaign, in which Lazarus uses social engineering techniques with fake, attractive job offers aimed at Linux users to break into the computers of its targets, to the 3CX phone system supply-chain attack. 
ESET Research managed to reconstruct the full chain, from the ZIP [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":8175,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,11],"tags":[751,897,1501,2271],"class_list":["post-8174","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guncel","category-teknoloji","tag-dreamjob-operasyonu","tag-eset-research","tag-lazarus","tag-siber-saldiri"],"_links":{"self":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/8174","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/comments?post=8174"}],"version-history":[{"count":1,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/8174\/revisions"}],"predecessor-version":[{"id":8176,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/posts\/8174\/revisions\/8176"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/media\/8175"}],"wp:attachment":[{"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/media?parent=8174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/categories?post=8174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haber.kocaalibilisim.com\/index.php\/wp-json\/wp\/v2\/tags?post=8174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}