{"id":23479,"date":"2022-05-08T16:42:02","date_gmt":"2022-05-08T13:42:02","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=23479"},"modified":"2022-05-08T16:42:02","modified_gmt":"2022-05-08T13:42:02","slug":"rus-hackerlar-hucumlarda-gmaili-kullaniyormus","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=23479","title":{"rendered":"Russian Hackers Reportedly Use Gmail in Their Attacks"},"content":{"rendered":"<p>Cybersecurity researchers announced that they have uncovered an advanced version of ComRAT, one of the known software tools of <strong>Turla<\/strong>, a Russian hacker group known for its attacks on the institutions of various states.<\/p>\n<p>In a statement, the cybersecurity company ESET said that Turla uses Gmail to send commands to <strong>ComRAT<\/strong> and to retrieve the information it collects. ESET noted that Turla uses unconventional methods in its cyberattacks and that the use of Gmail is one of them.<\/p>\n<p>The Russian hacker group Turla has been making a name for itself since 2004 with attacks on the military and civilian institutions of various countries. 
The development of ComRAT, the most effective of the tools the group uses, dates back to <strong>2007<\/strong>.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/65\/88c7be4d6c1771937809b0f2605f75c60ef78737.jpeg\"\/><\/p>\n<p>ComRAT has been found to have targeted the computers of many government institutions, including computers that <strong>US Central Command<\/strong> used to oversee the war zones in Afghanistan and Iraq, and Turla is thought to have obtained valuable information through it.<\/p>\n<p>The current version of ComRAT was first detected by <strong>ESET<\/strong> in 2017. Since then, Turla\u2019s cyberattack tool has targeted the computers of the foreign ministries of two Eastern European countries and of a parliament in the Caucasus.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/65\/d97b8f17ebf8e4269ccf946e133f11cd109e633a.jpeg\"\/><\/p>\n<p>ESET\u2019s new research found that the latest version of ComRAT was <strong>still actively<\/strong> used at the beginning of 2020. 
ESET said that, to send commands to ComRAT and control it, Turla uses an older HTTP communication channel alongside Gmail\u2019s user interface.<\/p>\n<p>The new version of ComRAT, found to have been compiled in November 2019, connects to <strong>Gmail<\/strong> to download mail attachments containing encrypted commands that Turla operators send from other email providers.<\/p>\n<p><b>Details of the new version of ComRAT, Turla\u2019s custom attack tool<\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/65\/664c0c2972ffd1eada5ec0a5bc6abd41f16a8a45.jpeg\"\/><\/p>\n<p>Compared with earlier ComRAT releases, the new version has a new and considerably more complex code structure. ESET said the latest version retains the old HTTP C&#038;C protocol and <strong>shares<\/strong> some network infrastructure with another piece of Turla malware.<\/p>\n<p>Information stolen with the latest version, named ComRAT V4, was delivered to systems compromised with Turla\u2019s other tools. 
It was found that cloud services such as <strong>4shared<\/strong> and <strong>OneDrive<\/strong> were used to exfiltrate the information sent to another compromised device.<\/p>\n<p>ESET also said that Turla has put considerable effort into developing its software tools and evading security software. According to ESET, Turla systematically expands its <strong>security-related<\/strong> <strong>files<\/strong> to understand whether its software samples are being detected.<\/p>\n<p><b>ComRAT was specifically designed to bypass security software<\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/65\/15f56822e17f1c87a658d94ce0c4bd7af452f80b.jpeg\"\/><\/p>\n<p>Matthieu Faou, a malware researcher at ESET, said the latest version of ComRAT shows Turla\u2019s <strong>level of sophistication<\/strong> and that the group intends to stay for a long time on the computers it manages to get into.<\/p>\n<p>Faou said the latest version of ComRAT can evade security software checks because it uses the <strong>user<\/strong> <strong>interface<\/strong> of the web version of Gmail. 
Faou said that, after examining the attacked computers, they determined that ComRAT was being used by Turla.<\/p>\n<p>In addition to ESET identifying the latest version of ComRAT, Kaspersky also detected a piece of Turla software at the beginning of this month. Kaspersky said the tool, named <strong>COMpfun<\/strong>, was used in attacks on diplomatic institutions in Europe.<\/p>\n<div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers, the known software of Turla, a Russian hacker group known for its attacks on the institutions of various states &#8230;<\/p>\n","protected":false},"author":1,"featured_media":23480,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[4199,1125,1104,3130,1237],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/23479"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=23479"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/23479\/revisions"}],"predecessor-version":[{"id":23481,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/23479\/revisions\/23481"}],"wp:featuredmedia":[{"embeddable":true,"href":"
https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/23480"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=23479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=23479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=23479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}