Russian-speaking Turla and Sofacy use similar attack methods

Published 4 October 2018 (erzurumflas.com / erzhaber.com, category: science and technology)

Kaspersky Lab researchers have reported that the long-running Turla and Sofacy attack operations have used the same delivery path as the Russian-speaking Zebrocy. The researchers noted that both threats focus on geopolitical targets such as government and military institutions in the Central Asia region and frequently overlap on the same targets.

Kaspersky Lab researchers tracking the long-running, Russian-speaking Turla operation, also known as Snake or Uroburos, found that its latest variant, KopiLuwak, used the same path to deliver its malicious code to victims that Zebrocy, a Russian-speaking variant of Sofacy (also known as Fancy Bear and APT28), had used a month earlier. The researchers noted that both threats focus on geopolitical targets such as government and military institutions in the Central Asia region and frequently overlap on the same targets. The findings appeared in a report by Kaspersky Lab's Global Research and Analysis Team focusing on the development and activities of four active clusters associated with Turla.

According to the briefing, KopiLuwak, first discovered in November 2016 and named after a rare type of coffee, spreads through documents containing active macros and installs a persistent JavaScript-based malware designed to reconnoitre devices and networks. The latest version of KopiLuwak, discovered by the researchers in mid-2018, specifically targets Syria and Afghanistan. Turla uses a new spear-phishing infection vector based on Windows shortcut (.LNK) files; according to the analysis, these LNK files contain PowerShell that decodes the KopiLuwak files and loads them onto the system. This PowerShell was reported to be almost identical to the one used in Zebrocy the previous month. The researchers found that both threats overlap on sensitive political targets, particularly government research and security units, diplomatic units and military facilities in Central Asia.

Other Turla clusters tracked by the researchers in 2018 include Carbon and Mosquito. Further findings from the research support claims that Wi-Fi networks exploited by Turla were used to infect systems with the Mosquito malware. The researchers also noted that the Carbon framework, already a mature and powerful cyber-espionage network, has undergone extensive modification and is expected to be developed further for use in targeted attacks in 2019. Turla's targets in 2018 included the Middle East and North Africa, Western and Eastern Europe, Central and East Asia, and the Americas.

Kurt Baumgartner, Head of Security Research at Kaspersky Lab's Global Research and Analysis Team, commented on the subject: "Turla is among the oldest, most persistent and most capable attack tools. Moreover, it never stops changing its skin and trying new things. In our research on Turla's main clusters in 2018 we saw that this malicious platform continues to grow and develop. That said, it should be underlined that while the other similar Russian-speaking examples, CozyDuke (APT29) and Sofacy, target organizations in the West, as in the 2016 attack on the Democratic National Committee, Turla is quietly turning to organizations in the East. In fact, Turla's recent infection techniques occasionally overlap with Sofacy's Zebrocy subset. In short, Turla's development and spread continue, and organizations at risk of attack need to be vigilant."

Kaspersky Lab listed the following steps that organizations targeted by these and similar attacks should take to avoid falling into the trap:

"Use proven enterprise-grade targeted-attack prevention and threat intelligence solutions such as Kaspersky Threat Management and Defense. These solutions are capable of detecting and uncovering targeted attacks by monitoring suspicious network activity. They also give system administrators greater control over the network and automate protection mechanisms.

Give the security team access to up-to-date threat intelligence, so that it can track indicators such as IOCs and YARA rules and obtain detailed information about specific potential threats.

Implement an enterprise-wide patch management process, thoroughly check all system configurations and make proven best practices part of your processes.

When you notice the first signs of a targeted attack, consider turning to managed protection services. This way you can detect threats proactively, shorten your time to respond and take the right measures in time."