{"id":2953,"date":"2024-01-26T15:00:04","date_gmt":"2024-01-26T15:00:04","guid":{"rendered":"https:\/\/esenyurtgazetesi.com\/?p=2953"},"modified":"2024-01-26T15:00:04","modified_gmt":"2024-01-26T15:00:04","slug":"eset-yeni-bir-tehdit-grubunu-ortaya-cikardi","status":"publish","type":"post","link":"https:\/\/esenyurtgazetesi.com\/index.php\/2024\/01\/26\/eset-yeni-bir-tehdit-grubunu-ortaya-cikardi\/","title":{"rendered":"ESET uncovers a new threat group"},"content":{"rendered":"<p><strong>Digital security company ESET has uncovered a new China-aligned APT group and NSPX30, a sophisticated implant used by the group. ESET has named the China-aligned APT (advanced persistent threat) group Blackwood.<\/strong><\/p>\n<p>To deliver the implant, Blackwood uses man-in-the-middle techniques to hijack update requests from legitimate software. It carries out cyberespionage operations against individuals and companies from China, Japan and the United Kingdom. The NSPX30 implant is delivered through the update mechanisms of legitimate software such as Tencent QQ, WPS Office and Sogou Pinyin. The research traces the evolution of NSPX30 back to a small backdoor from 2005, named Project Wood, that was designed to collect data from its victims. NSPX30 is a multistage implant that includes several components such as a dropper, loaders, an orchestrator and a backdoor. 
NSPX30 is also capable of adding itself to the allowlists of several Chinese antimalware solutions. ESET said it attributes this activity to a new APT group that it has named Blackwood.<\/p>\n<p>ESET Research named Blackwood and the Project Wood backdoor after a recurring theme in a mutex name. A mutex, or mutual exclusion, is a synchronization tool used to control access to a shared resource. Given the techniques implemented, the Project Wood implant from 2005 appears to be the work of developers experienced in malware development. ESET believes that the China-aligned threat actor it has named Blackwood has been active since at least 2018.<\/p>\n<p>According to ESET telemetry, the NSPX30 implant was recently detected on a small number of systems. The victims include unidentified individuals located in China and Japan, an unidentified Chinese-speaking individual connected to the network of a high-profile public research university in the United Kingdom, a large manufacturing and trading company in China, and the China-based offices of a Japanese company in the engineering and manufacturing sector. 
ESET also observed that the attackers attempt to re-compromise systems if access is lost.<\/p>\n<p>NSPX30 is a multistage implant that includes several components such as a dropper, loaders, an orchestrator and a backdoor. Both of the latter two components have their own sets of plugins that implement spying capabilities for several applications such as Skype, Telegram, Tencent QQ and WeChat. It is also capable of evading several Chinese antivirus solutions. ESET Research determined that machines were compromised when legitimate software attempted to download updates from legitimate servers using the (unencrypted) HTTP protocol. The hijacked software updates include those of popular Chinese software such as Tencent QQ, Sogou Pinyin and WPS Office. The basic purpose of the backdoor is to communicate with its controller and exfiltrate collected data. It can take screenshots, perform keylogging and collect various information.<\/p>\n<p>The attackers&#8217; interception capability also allows them to anonymize their real infrastructure, as the orchestrator and the backdoor contact legitimate networks owned by Baidu to download new components or exfiltrate collected information. 
ESET believes that the malicious but legitimate-looking traffic generated by NSPX30 is forwarded to the real attackers&#8217; infrastructure by the unknown interception mechanism that also performs the adversary-in-the-middle attacks.<\/p>\n<p>Facundo Mu\u00f1oz, the ESET researcher who discovered NSPX30 and Blackwood, said: &#8220;We do not know exactly how the attackers are able to deliver NSPX30 as malicious updates, as we have yet to discover the tool that enables the attackers to compromise their targets initially.&#8221; Mu\u00f1oz explained: &#8220;However, based on our own experience with China-aligned threat actors that exhibit these capabilities, as well as recent research on router implants attributed to another China-aligned group, MustangPanda, we speculate that the attackers have deployed a network implant in the networks of the victims, possibly on vulnerable network appliances such as routers or gateways.&#8221;<\/p>\n<p>Source: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Digital security company ESET has uncovered a new China-aligned APT group and NSPX30, a sophisticated implant used by the group.<\/p>\n","protected":false},"author":1,"featured_media":2954,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[25],"tags":[271,210,1333,1332,772],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/posts\/2953"}],"collection":[{"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/comments?post=2953"}],"version-history":[{"count":1,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/posts\/2953\/revisions"}],"predecessor-version":[{"id":2955,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/posts\/2953\/revisions\/2955"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/media\/2954"}],"wp:attachment":[{"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/media?parent=2953"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/categories?post=2953"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/esenyurtgazetesi.com\/index.php\/wp-json\/wp\/v2\/tags?post=2953"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}