Muddy Water, which targets the Middle East, has spread to Turkey as well

Published 11 October 2018, erzhaber.com.tr (science and technology), original URL: https://www.erzhaber.com.tr/?p=1324685

Kaspersky Lab researchers, who have been tracking the Muddy Water activity first seen in Iraq and Saudi Arabia in 2017, announced that the threat is now also targeting government institutions in Jordan, Turkey, Azerbaijan, Pakistan and Afghanistan. Muddy Water spreads through highly customised phishing messages that carry Office documents with specially crafted macros embedded in them.

Muddy Water, discovered in 2017 and regarded as a new threat, was first detected attacking government institutions in Iraq and Saudi Arabia. Kaspersky Lab researchers announced that early this year they found the threat attempting to spread through phishing messages aimed at a much wider geography; its activity peaked in May and June 2018 and its effects are still continuing.

According to the briefing, the content of the phishing messages shows that government and military institutions, telecom companies and educational institutions in particular are being targeted. The e-mails carry MS Office 97-2003 files as attachments and push users to enable macros. Infection follows immediately afterwards.

In the statement by Kaspersky Lab researchers, analysis of the PowerShell, VBS, VBA, Python and C# scripts, RATs (Remote Access Trojans) and other tools used by the attackers is continuing. Once infection occurs, the malware picks one of the internet addresses from the list it carries and contacts its command centre. If it detects security software on the system, it runs a series of scripts and, with a final PowerShell package, leaves a backdoor on the system that is open to abuse. Because it uses genuine MS files, the threat easily evades blacklists, and with the accompanying PowerShell code it can disable macro warnings and Protected View settings. This leaves the system defenceless against follow-on attacks.

The threat's targets identified so far are stated to include Turkey, Jordan, Azerbaijan, Iraq, Saudi Arabia, Mali, Austria, Russia, Iran and Bahrain. Although it is not known who is behind the Muddy Water operation, the attack techniques used gave clues that the attacks were carried out for a geopolitical purpose. The code used also contains elements intended to mislead researchers; for example, the code includes Chinese text and names such as Leo, PooPak, Vendetta and Turk.

Amin Hasbini, Senior Security Researcher in Kaspersky Lab's GReAT team, said of the findings: "Over the past year we have seen the Muddy Water group carry out many attacks and continuously develop its techniques. The group has an active developer team for bypassing modern security measures. This shows that the threat may reach more serious proportions in the near future. That is why we wanted to share our initial findings on the matter with the public as soon as possible. We will continue our observations to reveal the group's tools, strategies and possible mistakes."

Kaspersky Lab listed the measures to be taken to protect against Muddy Water and similar threats as follows:

- Comprehensive processes that help detect, prevent and investigate targeted threats should be put in place. Effective security solutions against targeted attacks and staff training should be part of this.

- Your security team should be given regular access to the latest threat data, so that it can apply YARA rules and detect traces of an attack more easily.

- An enterprise-grade patch management process should be put in place.

- All system configurations should be double-checked, and best protection practices should be made part of the processes.

- Staff should be trained to recognise suspicious e-mail messages and informed about what to do in such a case.