{"id":1290,"date":"2013-09-29T23:11:49","date_gmt":"2013-09-29T20:11:49","guid":{"rendered":"http:\/\/www.devrearsiv.com\/?p=1290"},"modified":"2013-09-29T23:11:49","modified_gmt":"2013-09-29T20:11:49","slug":"siber-askerler-icefog","status":"publish","type":"post","link":"https:\/\/devrearsivi.com\/siber-askerler-icefog\/","title":{"rendered":"Siber askerler &#8221;Icefog&#8221;"},"content":{"rendered":"<p style=\"text-align: center\"><em><strong>Kurumsal alanda u\u00e7 nokta koruma \u00e7\u00f6z\u00fcmlerinde lider \u015firket Kaspersky Lab g\u00fcvenlik ekibi, G\u00fcney Kore ve Japonya\u2019daki hedeflere yo\u011funla\u015fan ve buradaki Bat\u0131l\u0131 \u015firketlerin tedarik zincirlerini vuran \u201cIcefog\u201d adl\u0131 k\u00fc\u00e7\u00fck ancak dinamik bir APT (Advanced Persistent Threat-Geli\u015fmi\u015f Siber Silahlar) grubuyla ilgili yeni bir ara\u015ft\u0131rma belgesi yay\u0131mlad\u0131.<\/strong><\/em><\/p>\n<p style=\"text-align: center\"><em><strong><\/strong><\/em><em><strong>2011\u2019de operasyona ba\u015flayan ve son birka\u00e7 y\u0131lda boyutlar\u0131 ve kapsam\u0131 geni\u015fleyen Icefog ile ilgili a\u00e7\u0131klama yapan Global Ara\u015ft\u0131rma ve Analiz Ekibi Direkt\u00f6r\u00fc Costin Raiu, \u201cSon birka\u00e7 y\u0131lda benzer sekt\u00f6rlerden hemen hemen ayn\u0131 t\u00fcrde kurbanlar\u0131 vuran bir dizi APT\u2019nin varl\u0131\u011f\u0131n\u0131 ke\u015ffettik. Sald\u0131rganlar \u00e7o\u011funlukla kurumsal ve devlet a\u011flar\u0131nda belirli noktalara tutunuyor ve terabyte\u2019larla ifade dilebilecek miktarda \u00f6nemli bilgiyi ka\u00e7\u0131r\u0131yor\u201d dedi. Icefog sald\u0131r\u0131lar\u0131n\u0131n \u2018vur-ka\u00e7\u2019 niteli\u011fi yeni bir trendin olu\u015ftu\u011funu g\u00f6sterdi\u011fini de ekleyen Raiu s\u00f6zlerini \u015fu \u015fekilde s\u00fcrd\u00fcrd\u00fc: \u201cBunlar, hedefe y\u00f6nelik bir \u015fekilde bilginin pe\u015fine d\u00fc\u015fen k\u00fc\u00e7\u00fck vur-ka\u00e7 \u00e7eteleri. Sald\u0131r\u0131 genellikle birka\u00e7 g\u00fcn veya bir hafta s\u00fcr\u00fcyor. Arad\u0131klar\u0131na ula\u015ft\u0131ktan sonra sald\u0131rganlar gerekli temizlikleri yap\u0131p gidiyor. Gelecekte bu k\u00fc\u00e7\u00fck, hedefe odaklanm\u0131\u015f \u2018kiral\u0131k APT\u2019 gruplar\u0131n\u0131n say\u0131s\u0131n\u0131n artaca\u011f\u0131n\u0131, vur-ka\u00e7 tarz\u0131 operasyonlarda uzmanla\u015facaklar\u0131n\u0131, bu ekiplerin modern d\u00fcnyan\u0131n bir t\u00fcr \u2018siber paral\u0131 askerleri\u2019 olarak de\u011ferlendirilebilece\u011fini d\u00fc\u015f\u00fcn\u00fcyoruz.\u201d<\/strong><\/em><\/p>\n<p style=\"text-align: center\"><img fetchpriority=\"high\" decoding=\"async\" class=\"wp-image-1291 aligncenter\" alt=\"1380354898_kaspersky-lab76\" src=\"http:\/\/www.devrearsiv.com\/wp-content\/uploads\/2013\/09\/1380354898_kaspersky-lab76-225x300.jpg\" width=\"466\" height=\"619\" \/><strong><em>Icefog ile ilgili ba\u015fl\u0131ca bulgular:<\/em><\/strong><\/p>\n<ul style=\"text-align: center\">\n<li><strong><em>Belirlenen hedeflerin niteli\u011fine g\u00f6re sald\u0131rganlar\u0131n ilgilendikleri sekt\u00f6rler \u015fu \u015fekilde s\u0131ralan\u0131yor: Donanma, gemi in\u015fa ve denizcilik operasyonlar\u0131, bilgisayar ve yaz\u0131l\u0131m geli\u015ftirme, ara\u015ft\u0131rma \u015firketleri, telekom operat\u00f6rleri, uydu operat\u00f6rleri, medya ve televizyon.<\/em><\/strong><\/li>\n<li><strong><em>Ara\u015ft\u0131rman\u0131n g\u00f6sterdi\u011fine g\u00f6re sald\u0131rganlar Lig Nex1 ve Selectron Industrial Company gibi savunma sanayi y\u00fcklenicilerini, DSME Tech gibi gemi in\u015fa \u015firketlerini, Hanjin Heavy Industries\u2019i, Korea Telecom gibi telekom operat\u00f6rlerini, Fuji TV gibi medya \u015firketlerini ve Japan-China Economic Association\u2019\u0131 hedefe ald\u0131lar.<\/em><\/strong><\/li>\n<li><strong><em>Sald\u0131rganlar \u00f6nemli belgelerin yan\u0131 s\u0131ra \u015firket planlar\u0131n\u0131, kurban\u0131n a\u011f\u0131n\u0131n i\u00e7inde ve d\u0131\u015f\u0131nda \u00e7e\u015fitli kaynaklara ula\u015fmak amac\u0131yla e-posta hesap bilgilerini ve parolalar\u0131 \u00e7al\u0131yor.<\/em><\/strong><\/li>\n<li><strong><em>Operasyon s\u0131ras\u0131nda sald\u0131rganlar \u201cIcefog\u201d arka kap\u0131 ayar\u0131n\u0131 kullan\u0131yor (\u201cFucobha\u201d olarak da biliniyor. Kaspersky Lab, Icefog&#8217;un Microsoft Windows ve Mac OS X i\u00e7in \u00e7e\u015fitli versiyonlar\u0131 bulundu\u011funu belirlemi\u015ftir.<\/em><\/strong><\/li>\n<li><strong><em>Bir\u00e7ok APT kampanyas\u0131nda kurbanlar aylarca, hatta y\u0131llarca etki alt\u0131nda kalmakta, sald\u0131rganlar veri \u00e7almaya devam etmekte ve Icefog operat\u00f6rleri kurbanlar \u00fczerinde teker teker \u00e7al\u0131\u015farak yaln\u0131zca hedefe y\u00f6nelik belirli verileri bulmakta ve kopyalamaktad\u0131r. \u0130stenen bilgilere ula\u015ft\u0131ktan sonra ayr\u0131lmaktad\u0131rlar.<\/em><\/strong><\/li>\n<li><strong><em>Icefog operat\u00f6rleri \u00e7o\u011funlukla kurbanlardan ne istediklerini \u00e7ok iyi biliyor. Kolayca belirlenebilen ve C&amp;C&#8217;ye aktar\u0131labilen belirli dosya adlar\u0131n\u0131 arad\u0131klar\u0131 tespit edildi.<\/em><\/strong><\/li>\n<\/ul>\n<p style=\"text-align: center\"><strong><em>\u00a0<\/em><\/strong><\/p>\n<p style=\"text-align: center\"><strong><em>ARKA PLANDA ASYA \u00dcLKELER\u0130 VAR<\/em><\/strong><\/p>\n<p style=\"text-align: center\"><strong><em>Kaspersky Lab ara\u015ft\u0131rmac\u0131lar\u0131, sald\u0131rganlar taraf\u0131ndan kullan\u0131lan 70\u2019ten fazla ana alandan 13\u2019\u00fcne ula\u015ft\u0131. Bu, d\u00fcnya \u00e7ap\u0131nda kurban say\u0131s\u0131na dair baz\u0131 istatistikler sa\u011fl\u0131yor. Icefog komutu ve kontrol sunucular\u0131 kurbanlar\u0131n\u0131n yan\u0131 s\u0131ra \u00fczerlerinde ger\u00e7ekle\u015ftirilen i\u015flemlerin \u015fifreli kay\u0131tlar\u0131n\u0131 tutuyor. Bu kay\u0131tlar baz\u0131 durumlarda sald\u0131r\u0131lar\u0131n hedeflerinin, hatta bazen kurbanlar\u0131n belirlenmesine yard\u0131mc\u0131 oluyor. Japonya ve G\u00fcney Kore\u2019nin yan\u0131 s\u0131ra Tayvan, Hong Kong, \u00c7in, ABD, Avustralya, Kanada, \u0130ngiltere, \u0130talya, Almanya, Avusturya, Singapur, Belarus ve Malezya\u2019da dahil baz\u0131 ba\u015fka \u00fclkelerde de ba\u011flant\u0131lar belirlenmi\u015f durumda. Kaspersky Lab toplamda 4.000\u2019den fazla etkilenmi\u015f IP ve birka\u00e7 y\u00fcz kurban\u0131 belirledi.<\/em><\/strong><\/p>\n<p style=\"text-align: center\"><strong><em>\u00a0<\/em><\/strong><\/p>\n<p style=\"text-align: center\"><strong><em>Altyap\u0131y\u0131 izlemek ve kontrol etmek i\u00e7in kullan\u0131lan IP\u2019lere bakarak Kaspersky Lab uzmanlar\u0131, bu operasyonun arkas\u0131nda yer alan oyuncular\u0131n en az \u015fu \u00fc\u00e7 \u00fclkede bulundu\u011funu varsay\u0131yor: \u00c7in, G\u00fcney Kore ve Japonya.<\/em><\/strong><\/p>\n<p style=\"text-align: center\"><strong><em>Kaspersky Lab \u00fcr\u00fcnleri Icefog zararl\u0131 yaz\u0131l\u0131m\u0131n\u0131n t\u00fcm varyantlar\u0131n\u0131 belirlemekte ve engellemektedir. Arka kap\u0131lar, di\u011fer zararl\u0131 ara\u00e7lar ve istatistiklerle birlikte risk g\u00f6stergelerine dair ayr\u0131nt\u0131l\u0131 a\u00e7\u0131klamalar i\u00e7eren raporun tamam\u0131n\u0131 okumak i\u00e7in bkz. Securelist. Eksiksiz bir Icefog SSS b\u00f6l\u00fcm\u00fc de bulunmaktad\u0131r.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kurumsal alanda u\u00e7 nokta koruma \u00e7\u00f6z\u00fcmlerinde lider \u015firket Kaspersky Lab g\u00fcvenlik ekibi, G\u00fcney Kore ve&#8230;<\/p>\n","protected":false},"author":1,"featured_media":1292,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[407,408,406],"aioseo_notices":[],"featured_image_urls":{"full":["https:\/\/devrearsivi.com\/wp-content\/uploads\/2013\/09\/1377293136_hacker.jpg",240,103,false],"thumbnail":["https:\/\/devrearsivi.com\/wp-content\/uploads\/2013\/09\/1377293136_hacker-150x103.jpg",150,103,true],"medium":["https:\/\/devrearsivi.com\/wp-content\/uploads\/2013\/09\/1377293136_hacker.jpg",240,103,false],"medium_large":["https:\/\/devrearsivi.com\/wp-content\/uploads\/2013\/09\/1377293136_hacker.jpg",240,103,false],"large":["https:\/\/devrearsivi.com\/wp-content\/uploads\/2013\/09\/1377293136_hacker.jpg",240,103,false],"1536x1536":["https:\/\/devrearsivi.com\/wp-content\/uploads\/2013\/09\/1377293136_hacker.jpg",240,103,false],"2048x2048":["https:\/\/devrearsivi.com\/wp-content\/uploads\/2013\/09\/1377293136_hacker.jpg",240,103,false],"covernews-slider-full":["https:\/\/devrearsivi.com\/wp-content\/uploads\/2013\/09\/1377293136_hacker.jpg",240,103,false],"covernews-slider-center":["https:\/\/devrearsivi.com\/wp-content\/uploads\/2013\/09\/1377293136_hacker.jpg",240,103,false],"covernews-featured":["https:\/\/devrearsivi.com\/wp-content\/uploads\/2013\/09\/1377293136_hacker.jpg",240,103,false],"covernews-medium":["https:\/\/devrearsivi.com\/wp-content\/uploads\/2013\/09\/1377293136_hacker.jpg",240,103,false],"covernews-medium-square":["https:\/\/devrearsivi.com\/wp-content\/uploads\/2013\/09\/1377293136_hacker.jpg",240,103,false]},"author_info":{"display_name":"Ferhat \u00c7elik","author_link":"https:\/\/devrearsivi.com\/author\/94ferhat\/"},"category_info":"<a href=\"https:\/\/devrearsivi.com\/category\/teknoloji-haberleri\/\" rel=\"category tag\">Teknoloji Haberleri<\/a>","tag_info":"Teknoloji Haberleri","comment_count":"0","_links":{"self":[{"href":"https:\/\/devrearsivi.com\/wp-json\/wp\/v2\/posts\/1290"}],"collection":[{"href":"https:\/\/devrearsivi.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devrearsivi.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devrearsivi.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/devrearsivi.com\/wp-json\/wp\/v2\/comments?post=1290"}],"version-history":[{"count":1,"href":"https:\/\/devrearsivi.com\/wp-json\/wp\/v2\/posts\/1290\/revisions"}],"predecessor-version":[{"id":1293,"href":"https:\/\/devrearsivi.com\/wp-json\/wp\/v2\/posts\/1290\/revisions\/1293"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devrearsivi.com\/wp-json\/wp\/v2\/media\/1292"}],"wp:attachment":[{"href":"https:\/\/devrearsivi.com\/wp-json\/wp\/v2\/media?parent=1290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devrearsivi.com\/wp-json\/wp\/v2\/categories?post=1290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devrearsivi.com\/wp-json\/wp\/v2\/tags?post=1290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}