{"id":19516,"date":"2022-05-01T09:18:04","date_gmt":"2022-05-01T06:18:04","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=19516"},"modified":"2022-05-01T09:18:04","modified_gmt":"2022-05-01T06:18:04","slug":"bir-hacker-kumesi-kurumsal-e-posta-ve-ftp-trafigini-izliyor","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=19516","title":{"rendered":"Bir Hacker K\u00fcmesi Kurumsal e-Posta ve FTP Trafi\u011fini \u0130zliyor"},"content":{"rendered":"

\u015eirketin bildirdi\u011fine nazaran iki farkl\u0131 k\u00fcme bulunuyor. \u0130ki hacker k\u00fcmesinden birincisinin daha karma\u015f\u0131k oldu\u011fu g\u00f6r\u00fcl\u00fcyor. Qihoo'ya nazaran k\u00fcmenin, ge\u00e7en y\u0131l 4 Aral\u0131k'ta DrayTek ayg\u0131tlar\u0131na epeyce karma\u015f\u0131k bir ak\u0131n yapt\u0131\u011f\u0131 radarlar taraf\u0131ndan belirlendi. Qihoo, t\u0131pk\u0131 k\u00fcmenin y\u00f6nlendiricinin kullan\u0131c\u0131 ismi ve oturum a\u00e7ma <\/strong>alan\u0131ndaki makus gayeli kodu gizlemek i\u00e7in DrayTek ayg\u0131tlar\u0131n\u0131n RSA \u015fifreli oturum a\u00e7ma sistemindeki bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 berbata kulland\u0131\u011f\u0131n\u0131 s\u00f6yledi.<\/p>\n

<\/p>\n

Ara\u015ft\u0131rmac\u0131lar, bilgisayar korsanlar\u0131n\u0131n 21 numaral\u0131 irtibat noktas\u0131 (FTP – evrak aktar\u0131m\u0131), 25 numaral\u0131 ili\u015fki noktas\u0131 (SMTP – e-posta), 110 numaral\u0131 temas noktas\u0131 (POP3 – e-posta) ve 143 numaral\u0131 temas noktas\u0131 (IMAP – e-posta) \u00fczerinden gelen trafi\u011fi kaydeden<\/strong> bir komut belgesi kulland\u0131\u011f\u0131n\u0131 kelamlar\u0131na ekledi.\u00a0Qihoo ara\u015ft\u0131rmac\u0131lar\u0131, bilgisayar korsanlar\u0131n\u0131n neden FTP ve e-posta trafi\u011fi toplad\u0131\u011f\u0131n\u0131 kestirim etmediklerini, lakin yap\u0131lan g\u00f6r\u00fc\u015fmelerde, bir g\u00fcvenlik ara\u015ft\u0131rmac\u0131s\u0131 bunun klasik bir ke\u015fif operasyonu \u00fczere g\u00f6r\u00fcnd\u00fc\u011f\u00fcne dikkat \u00e7ektikten sonra durumun a\u00e7\u0131\u011fa \u00e7\u0131kt\u0131\u011f\u0131n\u0131 s\u00f6yledi.<\/p>\n

<\/p>\n

Ek olarak, \u00f6b\u00fcr bir kaynaktan, k\u00fcmenin ak\u0131n kampanyas\u0131n\u0131n fark edilmedi\u011finin\u00a0ve \u00f6teki siber g\u00fcvenlik firmalar\u0131 taraf\u0131ndan m\u00fc\u015fahede alt\u0131nda tutuldu\u011funun da anla\u015f\u0131ld\u0131\u011f\u0131 bildirildi.\u00a0Ancak k\u00fcmenin rastgele bir sunucu altyap\u0131s\u0131n\u0131 yahut makus gayeli yaz\u0131l\u0131m \u00f6rne\u011fini bilinen \u00f6b\u00fcr bir bilgisayar korsanl\u0131\u011f\u0131 k\u00fcmesiyle payla\u015fmad\u0131\u011f\u0131 s\u00f6ylendi; bu nedenle \u015fimdilik yeni bir k\u00fcme \u00fczere g\u00f6r\u00fcnd\u00fc\u011f\u00fc payla\u015f\u0131ld\u0131.<\/p>\n

Bir k\u00fcme hacker daha var<\/b><\/p>\n

<\/p>\n

DrayTek ayg\u0131tlar\u0131 Qihoo'nun \u2018Sald\u0131r\u0131 K\u00fcmesi B\u2019 ismini verdi\u011fi ikinci bir k\u00fcme taraf\u0131ndan da berbata kullan\u0131ld\u0131. Bu k\u00fcme farkl\u0131 g\u00fcnlerde <\/strong>ortaya \u00e7\u0131kt\u0131, lakin bilgisayar korsanlar\u0131 bunu kendileri ke\u015ffetmedi.\u00a0Qihoo'ya nazaran, bilgisayar korsanlar\u0131 bu ikinci sald\u0131r\u0131y\u0131, muhakkak y\u00f6nlendiricilerde art kap\u0131 hesaplar\u0131 olu\u015fturmak i\u00e7in “rtick” s\u00fcrecindeki bir yanl\u0131\u015ftan yararlanarak ger\u00e7ekle\u015ftirdi. Bu hesaplarla ne yapt\u0131klar\u0131 ise hala tam olarak bilinmiyor. \u015eirket, hususla ilgili ara\u015ft\u0131rmalar\u0131n\u0131 s\u00fcrd\u00fcrmeye ve yeni bilgiler yay\u0131nlamaya devam ediyor.<\/p>\n

<\/div>\n","protected":false},"excerpt":{"rendered":"

\u015eirketin bildirdi\u011fine nazaran iki farkl\u0131 k\u00fcme bulunuyor. \u0130ki hacker k\u00fcmesinden birincisinin daha karma\u015f\u0131k oldu\u011fu g\u00f6r\u00fcl\u00fcyor. Qihoo'ya nazaran …<\/p>\n","protected":false},"author":1,"featured_media":19517,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[1007,3672,1471],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/19516"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=19516"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/19516\/revisions"}],"predecessor-version":[{"id":19518,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/19516\/revisions\/19518"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/19517"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=19516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=19516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=19516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}