![\"wild_neutron_en_6\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2015\/07\/06014439\/wild_neutron_en_6.png\")
<\/a><\/p>\n2013 sonlar\u0131nda, 2014 ba\u015flar\u0131nda devam eden sald\u0131r\u0131lar, 2015 y\u0131l\u0131nda yine ortaya \u00e7\u0131kt\u0131. Eylemci, \u00e7al\u0131nm\u0131\u015f ge\u00e7erli bir do\u011frulama sertifikas\u0131 ve bilinmeyen bir Flash Player a\u00e7\u0131\u011f\u0131n\u0131 kullanarak d\u00fcnyan\u0131n her yerinde kurum ve \u00f6zel ki\u015filere sald\u0131rarak hassas ticari bilgileri \u00e7al\u0131yor.<\/p>\n
Kaspersky Lab ara\u015ft\u0131rmac\u0131lar\u0131 aralar\u0131nda Fransa, Rusya, \u0130svi\u00e7re, Almanya, Avusturya, Filistin, Slovenya, Kazakistan, BAE, Cezayir ve Birle\u015fik Devletler\u2019in oldu\u011fu 11 \u00fclke ve \u00f6zerk b\u00f6lgede Wild Neutron hedeflerini tespit etti. Hedefler aras\u0131nda hukuk b\u00fcrolar\u0131, bitcoin \u015firketleri, yat\u0131r\u0131mc\u0131l\u0131k organizasyonlar\u0131, BT, sa\u011fl\u0131k, emlak, Birle\u015fme ve Sat\u0131n alma i\u015fleri yapan b\u00fcy\u00fck \u015firketler ve bireysel kullan\u0131c\u0131lar var.<\/p>\n
Sald\u0131r\u0131n\u0131n oda\u011f\u0131, bu sald\u0131r\u0131n\u0131n bir ulus devlet sald\u0131r\u0131s\u0131 olmad\u0131\u011f\u0131n\u0131 d\u00fc\u015f\u00fcnd\u00fcr\u00fcyor. Bununla birlikte, kullan\u0131lan s\u0131f\u0131r g\u00fcn sald\u0131r\u0131lar\u0131na, \u00e7ok platformlu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlara ve kullan\u0131lan tekniklere bakt\u0131\u011f\u0131nda Kaspersky Lab ara\u015ft\u0131rmac\u0131lar\u0131, sald\u0131rgan\u0131n b\u00fcy\u00fck olas\u0131l\u0131kla ekonomik nedenlerle eyleme ge\u00e7en bir casusluk olu\u015fumu oldu\u011funu d\u00fc\u015f\u00fcn\u00fcyor.<\/p>\n
Son sald\u0131r\u0131lar\u0131n ilk bula\u015fma vekt\u00f6r\u00fc hala bilinmiyor, bununla beraber, s\u0131z\u0131lan internet sitelerindeki bilinmeyen bir Flash Player a\u00e7\u0131\u011f\u0131n\u0131 kullanan bir kitin, kullan\u0131c\u0131lara sald\u0131rd\u0131\u011f\u0131n\u0131 g\u00f6steren belirtiler var. Sald\u0131r\u0131, kurban sisteme bir k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m teslim paketi b\u0131rak\u0131yor.<\/p>\n
Kaspersky Lab ara\u015ft\u0131rmac\u0131lar\u0131 sald\u0131r\u0131 s\u0131ras\u0131nda kullan\u0131lan teslim paketinin yasal bir kod do\u011frulama sertifikas\u0131 ile imzalanm\u0131\u015f oldu\u011funu g\u00f6zlemledi. Sertifika kullan\u0131m\u0131, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n baz\u0131 koruma \u00e7\u00f6z\u00fcmleri taraf\u0131ndan fark edilmesini \u00f6nl\u00fcyor. Wild Neutron sald\u0131r\u0131lar\u0131ndan kullan\u0131lan sertifika g\u00f6r\u00fcn\u00fc\u015fe g\u00f6re, \u00e7ok bilinen bir t\u00fcketici elektroni\u011fi \u00fcreticisinden \u00e7al\u0131nm\u0131\u015f. Sertifika \u015fimdi iptal edilmekte.<\/p>\n
Paket sisteme girdikten sonra, ana arka kap\u0131y\u0131 kuruyor.<\/p>\n
\u0130\u015flevsellik a\u00e7\u0131s\u0131ndan, ana arka kap\u0131n\u0131n Uzaktan Eri\u015fim Ara\u00e7lar\u0131\u2019ndan (RAT\u2019ler) hi\u00e7 bir fark\u0131 yok. S\u0131ra d\u0131\u015f\u0131 olan, sald\u0131rgan\u0131n komut ve kontrol sunucusu (C&C) adresini saklamak i\u00e7in g\u00f6sterdi\u011fi \u00e7aba ve bir C&C kapatma i\u015fleminden kurtulma yetene\u011fi. Komut ve kontrol sunucusu, kurban\u0131n cihazlar\u0131na kurulan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlara bir \u00fcs gibi hizmet verdi\u011fi i\u00e7in, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m alt yap\u0131s\u0131n\u0131n \u00f6nemli bir par\u00e7as\u0131. Sald\u0131rganlar, sald\u0131r\u0131 alt yap\u0131s\u0131n\u0131 her hangi bir olas\u0131 C&C kapatma i\u015flemine kar\u015f\u0131 koruyabilmek i\u00e7in k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m i\u00e7inde \u00f6zel \u00f6nlemler al\u0131rlar.<\/p>\n
K\u00f6keni gizemli<\/strong><\/p>\n Sald\u0131rganlar\u0131n k\u00f6keni hala bir muamma. Baz\u0131 \u00f6rneklerde, \u015fifreli yap\u0131land\u0131rma dosyas\u0131nda C&C ileti\u015fimin sonunu i\u015faretlemek i\u00e7in \u201cLa revedere\u201d (Rumence\u2019de \u201cHo\u015f\u00e7a kal\u201d) dizesi kullan\u0131lm\u0131\u015f. Buna ek olarak, Kaspersky Lab ara\u015ft\u0131rmac\u0131lar\u0131, bir ba\u015fka \u0130ngilizce olmayan dize, Rus\u00e7a \u201c???????\u201d (\u201cuspeshno\u201d -> \u201cba\u015far\u0131l\u0131\u201d) s\u00f6zc\u00fc\u011f\u00fcn\u00fcn Latince yaz\u0131l\u0131\u015f\u0131n\u0131 buldu.<\/p>\n \u201cWild Neutron yetenekli ve olduk\u00e7a \u00e7ok y\u00f6nl\u00fc bir grup. 2011 y\u0131l\u0131ndan beri aktif, en az bir s\u0131f\u0131r g\u00fcn a\u00e7\u0131\u011f\u0131, Windows ve OS X i\u00e7in \u00f6zel k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar ve ara\u00e7lar kullan\u0131yor. Her ne kadar ge\u00e7mi\u015fte, d\u00fcnyada en \u00e7ok tan\u0131nan \u015firketlerin baz\u0131lar\u0131na sald\u0131rm\u0131\u015f olsa da, kulland\u0131\u011f\u0131 g\u00fc\u00e7l\u00fc operasyonel g\u00fcvenlik \u00fczerinden pek \u00e7ok tan\u0131mlama \u00e7abas\u0131n\u0131 bo\u015fa \u00e7\u0131kart\u0131p, g\u00f6receli olarak d\u00fc\u015f\u00fck bir profil s\u00fcrd\u00fcrmeyi ba\u015fard\u0131. Grubun b\u00fcy\u00fck BT \u015firketlerini, casus yaz\u0131l\u0131m \u00fcreticilerini (FlexiSPY), Cihat\u00e7\u0131 forumlar\u0131 (Ensar El-M\u00fccahidin \u0130ngilizce Forumu) ve Bitcoin \u015firketlerini hedef alabilmesi, esnek oldu\u011fu kadar az rastlan\u0131r bir d\u00fc\u015f\u00fcnce yap\u0131s\u0131 ve ilgi alanlar\u0131na sahip oldu\u011funu g\u00f6steriyor,\u201d diyor Kaspersky Lab Global Ara\u015ft\u0131rma ve Analiz Ekibi Ba\u015fkan\u0131 Costin Raiu.<\/p>\n Kaspersky Lab \u00fcr\u00fcnleri, Trojan.Win32.WildNeutron.gen, Trojan.Win32.WildNeutron.*, Trojan.Win32.JripBot.*, Trojan.Win32.Generic. isimleri ile Wild Neutron tehdidini ba\u015far\u0131l\u0131 bir \u015fekilde tespit edip engelleyebiliyor.<\/p>\n Wild Neutron korsan grubu hakk\u0131nda daha fazla bilgi edinmek i\u00e7in Securelist.com<\/a> adresindeki blog iletilerini okuyabilirsiniz.<\/p>\n