{"id":14860,"date":"2022-04-22T18:24:02","date_gmt":"2022-04-22T15:24:02","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=14860"},"modified":"2022-04-22T18:24:02","modified_gmt":"2022-04-22T15:24:02","slug":"iki-faktorlu-kimlik-dogrulama-metodunu-atlatan-hacker-kumesi","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=14860","title":{"rendered":"Hacker Group That Bypasses Two-Factor Authentication"},"content":{"rendered":"<p>Recently, many developers and publishers, from online service providers to game studios, have started offering <strong>two-factor authentication<\/strong> as a security measure. What all those using this service have said in common is that it makes a person's account, system, smartphone and so on more secure, but that does not quite appear to be the case.<\/p>\n<p>According to the information obtained, a Chinese hacker group called <strong>APT20<\/strong> managed to bypass widely used security procedures without triggering any alarm. This cyber-espionage operation has called the two-factor authentication system into question.<\/p>\n<p><b>As of now, there is no solution for this operation:<\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/37\/7eabf46f2d8bb4e4277325a807fad068d66debd8.jpeg\"\/><\/p>\n<p>To carry out this hack, APT 20 used what Fox-IT has classified as \u201cOperation Wocao\u201d. 
The group had previously managed to hack web servers, but it has now shifted its focus and used a piece of <strong>RSA SecurID <\/strong>software stolen from a compromised account to bypass two-factor authentication procedures. Put more simply, the group used a modified key stolen from a compromised account so that its attacks would appear valid to security systems.<\/p>\n<p>With this method, APT 20 was also able to trick other systems into showing valid results. Because two-factor authentication relies on <strong>different systems<\/strong>,\u00a0once the group manages to hack one side, the other system can also be made to accept the modified key.<\/p>\n<p>As of now, it is reported that no <strong>solution <\/strong>exists for this cyber-espionage operation. However, this does not mean that the system is entirely flawed and insecure. 
The published report also details various ways in which the two-step verification process can be made more independent and its parts less dependent on one another.<\/p>\n<div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Recently, many developers and publishers, from online service providers to game studios, have started offering two-factor &#8230;<\/p>\n","protected":false},"author":1,"featured_media":14861,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[854],"tags":[2210,3026,3027],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/14860"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14860"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/14860\/revisions"}],"predecessor-version":[{"id":14862,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/14860\/revisions\/14862"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/14861"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\
/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}