{"id":14496,"date":"2026-05-05T17:56:27","date_gmt":"2026-05-05T14:56:27","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=14496"},"modified":"2026-05-05T17:56:27","modified_gmt":"2026-05-05T14:56:27","slug":"daemon-tools-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/daemon-tools-supply-chain-attack\/14496\/","title":{"rendered":"DAEMON Tools arac\u0131l\u0131\u011f\u0131yla ger\u00e7ekle\u015ftirilen tedarik zinciri sald\u0131r\u0131s\u0131"},"content":{"rendered":"

Uzmanlar\u0131m\u0131z, optik s\u00fcr\u00fcc\u00fcleri taklit eden bir yaz\u0131l\u0131m olan DAEMON Tools arac\u0131l\u0131\u011f\u0131yla ger\u00e7ekle\u015ftirilen b\u00fcy\u00fck \u00f6l\u00e7ekli bir tedarik zinciri sald\u0131r\u0131s\u0131 ke\u015ffetti. Sald\u0131rganlar, yaz\u0131l\u0131m y\u00fckleyicilerine k\u00f6t\u00fc ama\u00e7l\u0131 kod enjekte etmeyi ba\u015fard\u0131 ve trojanize edilmi\u015f t\u00fcm y\u00fcr\u00fct\u00fclebilir dosyalar, DAEMON Tools\u2019un geli\u015ftiricisi olan AVB Disc Soft\u2019un ge\u00e7erli dijital imzas\u0131yla imzalanm\u0131\u015f durumda. Program\u0131n k\u00f6t\u00fc ama\u00e7l\u0131 s\u00fcr\u00fcm\u00fc 8 Nisan 2026\u2019dan beri dola\u015f\u0131mda. Bu yaz\u0131n\u0131n yaz\u0131ld\u0131\u011f\u0131 s\u0131rada sald\u0131r\u0131 hala devam ediyor. Kaspersky ara\u015ft\u0131rmac\u0131lar\u0131 bunun hedefli bir sald\u0131r\u0131 oldu\u011funa inan\u0131yor.<\/p>\n

DAEMON Tools\u2019un k\u00f6t\u00fc ama\u00e7l\u0131 s\u00fcr\u00fcm\u00fcn\u00fc y\u00fcklemenin riskleri nelerdir?<\/h2>\n

Truva at\u0131 i\u00e7eren yaz\u0131l\u0131m kurban\u0131n bilgisayar\u0131na y\u00fcklendikten sonra, sistem her ba\u015flat\u0131ld\u0131\u011f\u0131nda k\u00f6t\u00fc ama\u00e7l\u0131 bir dosya \u00e7al\u0131\u015ft\u0131r\u0131l\u0131r ve bir komuta ve kontrol sunucusuna istek g\u00f6nderilir. Buna yan\u0131t olarak sunucu, ek k\u00f6t\u00fc ama\u00e7l\u0131 y\u00fckleri indirmek ve \u00e7al\u0131\u015ft\u0131rmak i\u00e7in bir komut g\u00f6nderebilir.<\/p>\n

\u0130lk olarak, sald\u0131rganlar MAC adresini, ana bilgisayar ad\u0131n\u0131, DNS etki alan\u0131 ad\u0131n\u0131, \u00e7al\u0131\u015fan i\u015flemlerin ve y\u00fckl\u00fc yaz\u0131l\u0131mlar\u0131n listesini ve dil ayarlar\u0131n\u0131 toplayan bir bilgi toplay\u0131c\u0131 da\u011f\u0131t\u0131r. Ard\u0131ndan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m bu bilgileri komuta ve kontrol sunucusuna g\u00f6nderir.<\/p>\n

Baz\u0131 durumlarda, toplanan bilgilere yan\u0131t olarak komuta sunucusu kurban\u0131n makinesine minimalist bir arka kap\u0131 g\u00f6nderir. Bu arka kap\u0131, ek k\u00f6t\u00fc ama\u00e7l\u0131 y\u00fckleri indirebilir, kabuk komutlar\u0131n\u0131 \u00e7al\u0131\u015ft\u0131rabilir ve bellekte kabuk kodu mod\u00fcllerini \u00e7al\u0131\u015ft\u0131rabilir.<\/p>\n

Arka kap\u0131, QUIC RAT olarak adland\u0131r\u0131lan daha sofistike bir implant\u0131 da\u011f\u0131tmak i\u00e7in kullan\u0131labilir. Komuta ve kontrol sunucusuyla birden fazla ileti\u015fim protokol\u00fcn\u00fc destekler ve notepad.exe <\/em>ve conhost.exe <\/em>i\u015flemlerine k\u00f6t\u00fc ama\u00e7l\u0131 y\u00fckler enjekte edebilir.<\/p>\n

Daha ayr\u0131nt\u0131l\u0131 teknik bilgiler ve sald\u0131r\u0131 g\u00f6stergeleri, Securelist blogundaki uzmanlar\u0131n makalesinde<\/a> bulunabilir.<\/p>\n

Hedef kimler?<\/h2>\n

Nisan ba\u015f\u0131ndan bu yana, vir\u00fcsl\u00fc DAEMON Tools yaz\u0131l\u0131m\u0131 arac\u0131l\u0131\u011f\u0131yla ek k\u00f6t\u00fc ama\u00e7l\u0131 y\u00fckler y\u00fcklemeye y\u00f6nelik birka\u00e7 bin giri\u015fim tespit edildi. Vir\u00fcs bula\u015fm\u0131\u015f cihazlar\u0131n \u00e7o\u011fu ev kullan\u0131c\u0131lar\u0131na aitti, ancak y\u00fckleme giri\u015fimlerinin yakla\u015f\u0131k %10\u2019u kurulu\u015flarda \u00e7al\u0131\u015fan sistemlerde tespit edildi. Co\u011frafi olarak, kurbanlar yakla\u015f\u0131k y\u00fcz farkl\u0131 \u00fclke ve b\u00f6lgeye yay\u0131lm\u0131\u015ft\u0131. Kurbanlar\u0131n \u00e7o\u011fu Rusya, Brezilya, T\u00fcrkiye, \u0130spanya, Almanya, Fransa, \u0130talya ve \u00c7in\u2019de bulunuyordu.<\/p>\n

\u00c7o\u011fu durumda, sald\u0131r\u0131 bir bilgi toplay\u0131c\u0131n\u0131n y\u00fcklenmesiyle s\u0131n\u0131rl\u0131yd\u0131. Arka kap\u0131, Rusya, Beyaz Rusya ve Tayland\u2019daki perakende i\u015fletmelerin yan\u0131 s\u0131ra h\u00fck\u00fcmet, bilim ve imalat kurulu\u015flar\u0131ndaki yaln\u0131zca bir d\u00fczine makineyi etkiledi.<\/p>\n

Tam olarak ne bula\u015ft\u0131?<\/h2>\n

K\u00f6t\u00fc ama\u00e7l\u0131 kod, 12.5.0.2421 ile 12.5.0.2434 aras\u0131ndaki DAEMON Tools s\u00fcr\u00fcmlerinde tespit edildi. Sald\u0131rganlar, DAEMON Tools ana dizinine y\u00fcklenen DTHelper.exe<\/em>, DiscSoftBusServiceLite.exe <\/em>ve DTShellHlp.exe <\/em>dosyalar\u0131n\u0131 ele ge\u00e7irdi.<\/p>\n

Nas\u0131l g\u00fcvende kalabilirsiniz?<\/h2>\n

Bilgisayar\u0131n\u0131zda (veya kurulu\u015funuzun ba\u015fka bir yerinde) DAEMON Tools yaz\u0131l\u0131m\u0131 kullan\u0131l\u0131yorsa, uzmanlar\u0131m\u0131z 8 Nisan\u2019dan itibaren bu yaz\u0131l\u0131m\u0131n y\u00fckl\u00fc oldu\u011fu bilgisayarlar\u0131 ola\u011fand\u0131\u015f\u0131 etkinlikler a\u00e7\u0131s\u0131ndan kapsaml\u0131 bir \u015fekilde kontrol etmenizi \u00f6nerir.<\/p>\n

Ayr\u0131ca, internete eri\u015fim i\u00e7in kullan\u0131lan t\u00fcm ev<\/a> ve kurumsal<\/a> bilgisayarlarda g\u00fcvenilir g\u00fcvenlik \u00e7\u00f6z\u00fcmleri kullanman\u0131z\u0131 \u00f6neririz. \u00c7\u00f6z\u00fcmlerimiz, DAEMON Tools arac\u0131l\u0131\u011f\u0131yla tedarik zinciri sald\u0131r\u0131s\u0131nda kullan\u0131lan t\u00fcm k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlardan kullan\u0131c\u0131lar\u0131 ba\u015far\u0131yla korur.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

Disk g\u00f6r\u00fcnt\u00fclerini monte etmek i\u00e7in kullan\u0131lan pop\u00fcler bir yaz\u0131l\u0131m arac\u0131l\u0131\u011f\u0131yla ger\u00e7ekle\u015ftirilen hedefli bir tedarik zinciri sald\u0131r\u0131s\u0131.<\/p>\n","protected":false},"author":2706,"featured_media":14497,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194,1727],"tags":[728,1753,1588],"class_list":{"0":"post-14496","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"category-smb","10":"tag-kotu-amacli-yazilim","11":"tag-rat","12":"tag-tedarik-zinciri-saldirisi"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/daemon-tools-supply-chain-attack\/14496\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/daemon-tools-supply-chain-attack\/30691\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/daemon-tools-supply-chain-attack\/25743\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/daemon-tools-supply-chain-attack\/13373\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/daemon-tools-supply-chain-attack\/30542\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/daemon-tools-supply-chain-attack\/29178\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/daemon-tools-supply-chain-attack\/32085\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/daemon-tools-supply-chain-attack\/30639\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/daemon-tools-supply-chain-attack\/41798\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/daemon-tools-supply-chain-attack\/55691\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/daemon-tools-supply-chain-attack\/23879\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/daemon-tools-supply-chain-attack\/24956\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/daemon-tools-supply-chain-attack\/33451\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/daemon-tools-supply-chain-attack\/30625\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/daemon-tools-supply-chain-attack\/36200\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/daemon-tools-supply-chain-attack\/36093\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/tedarik-zinciri-saldirisi\/","name":"Tedarik zinciri sald\u0131r\u0131s\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=14496"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14496\/revisions"}],"predecessor-version":[{"id":14500,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14496\/revisions\/14500"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/14497"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=14496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=14496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=14496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}