{"id":1743,"date":"2015-08-28T06:41:44","date_gmt":"2015-08-28T10:41:44","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=1743"},"modified":"2019-11-15T15:03:03","modified_gmt":"2019-11-15T12:03:03","slug":"bu-siber-casusluk-kampanyasi-yuksek-profilli-japon-hedeflerin-pesinde","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/bu-siber-casusluk-kampanyasi-yuksek-profilli-japon-hedeflerin-pesinde\/1743\/","title":{"rendered":"This Cyber-Espionage Campaign Is After High-Profile Japanese Targets"},"content":{"rendered":"<p>Kaspersky Lab\u2019s Global Research and Analysis Team has discovered Blue Termite, a cyber-espionage campaign that has targeted hundreds of organizations in Japan over the past two years. This is the first campaign Kaspersky Lab has seen that is focused specifically on Japanese targets and is still active.<\/p>\n<p>In October 2014, Kaspersky Lab researchers encountered a previously unseen malware sample that stood out from others because of its complexity. Subsequent analysis showed that this sample was only a small part of a large and sophisticated cyber-espionage campaign. The list of targeted sectors includes government organizations, finance, chemicals, satellite, media, educational institutions, healthcare and the food industry.<\/p>\n<p><strong>Various infection techniques are used<\/strong><\/p>\n<p>Blue Termite operators use different techniques to infect their victims. 
Before July 2015 they mostly used phishing emails, that is, sending malware as an attachment to an email whose content was likely to attract the victim\u2019s interest. In July, however, the operators changed tactics and began spreading the malware through a zero-day Flash exploit. The attackers targeted many Japanese websites. Visitors to these sites automatically downloaded the exploit when they entered the site and became infected. This is known as the drive-by download technique.<\/p>\n<p>The use of the zero-day exploit led to a large increase in the infection rate recorded by Kaspersky Lab detection systems in mid-July.<\/p>\n<p>There were also attempts to profile victims. One of the compromised websites belonged to a prominent member of the Japanese government, and another contained a malicious script that filtered out visitors from all IP addresses except those belonging to a specific Japanese organization. In other words, only selected users received the malicious payload.<\/p>\n<p><strong>Who is behind the attack remains unclear<\/strong><\/p>\n<p>After a successful infection, a sophisticated backdoor is deployed on the targeted machine. 
The backdoor is capable of stealing passwords, downloading and executing additional payloads, retrieving files and so on. One of the most interesting things about the malware used by the Blue Termite actor is that each victim is sent a unique malware sample, built so that it can run only on the specific computer targeted by Blue Termite. According to Kaspersky Lab researchers, this was done to make it harder for security researchers to analyze and detect the malware.<\/p>\n<p>The question of who is behind this attack remains unanswered. In general, attribution is an extremely difficult task when it comes to sophisticated cyberattacks. However, Kaspersky Lab researchers managed to find some language artifacts. In particular, the graphical user interface of the command-and-control server, as well as some technical documents related to the malware used in Blue Termite, were in Chinese. This may mean that the actors behind the operation speak this language.<\/p>\n<p>Once Kaspersky Lab researchers had gathered enough information to confirm that this was a cyber-espionage campaign targeting Japanese organizations, company representatives informed local law enforcement about the findings. 
Kaspersky Lab\u2019s investigation is ongoing.<\/p>\n<p><strong>Kaspersky Lab Security Researcher Suguru Ishimaru<\/strong> said: <em>\u201cAlthough Blue Termite is not the first cyber-espionage campaign to target Japan, it is the first campaign Kaspersky Lab has seen that focuses exclusively on Japanese targets. This is still an ongoing problem in Japan. Since early June, when the cyberattack on the Japan Pension Service began to be widely reported, various Japanese organizations have started to take protective measures. However, the attackers, who were probably following these developments closely, began to use new attack methods and successfully increased their impact.\u201d<\/em><\/p>\n<p>To reduce the risk of falling victim to the Blue Termite cyber-espionage campaign, Kaspersky Lab experts recommend the following measures:<\/p>\n<ul>\n<li>Keep your software up to date, especially software that is widely used and frequently targeted by cybercriminals;<\/li>\n<li>If you know of a vulnerability in software on your device and no patch is available yet, avoid using that software;<\/li>\n<li>Be suspicious of emails with attachments;<\/li>\n<li>Use a proven anti-malware solution.<\/li>\n<\/ul>\n<p>Kaspersky Lab products successfully detect and block malware with the following detection 
names: Backdoor.Win32.Emdivi.*, Backdoor.Win64.Agent.*, Exploit.SWF.Agent.*, HEUR:Backdoor.Win32.Generic, HEUR:Exploit.SWF.Agent.gen, HEUR:Trojan.Win32.Generic, Trojan-Downloader.Win32.Agent.*, Trojan-Dropper.Win32.Agent.*.<\/p>\n<p><strong>Useful links:<\/strong><\/p>\n<ul>\n<li>Learn more about the Blue Termite cyber-espionage campaign: Securelist.com<\/li>\n<li>Learn how Kaspersky Lab products protect against the Blue Termite operation here: <a href=\"https:\/\/business.kaspersky.com\/\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/business.kaspersky.com\/<\/a><\/li>\n<li>Learn more about other cyber-espionage operations and about campaigns that have previously targeted Japan: <a href=\"https:\/\/apt.securelist.com\/#secondPage\/countriesdata=39\" target=\"_blank\" rel=\"noopener\">https:\/\/apt.securelist.com\/#secondPage\/countriesdata=39<\/a><\/li>\n<li>Learn how sophisticated targeted attacks are investigated: <a href=\"http:\/\/www.youtube.com\/watch?v=FzPYGRO9LsA\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/www.youtube.com\/watch?v=FzPYGRO9LsA<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky Lab\u2019s Global Research and Analysis Team has discovered Blue Termite, a cyber-espionage campaign that has targeted hundreds of organizations in Japan over the past two years. 
This is the first campaign Kaspersky Lab has seen that is focused specifically on Japanese targets and<\/p>\n","protected":false},"author":350,"featured_media":1744,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[740,738,615,739,616],"class_list":{"0":"post-1743","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-ajan","9":"tag-blue-termite","10":"tag-hedefli-saldiri","11":"tag-japon","12":"tag-siber-casusluk"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/bu-siber-casusluk-kampanyasi-yuksek-profilli-japon-hedeflerin-pesinde\/1743\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/ajan\/","name":"ajan"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/1743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/350"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=1743"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/1743\/revisions"}],"predecessor-version":[{"id":7224,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/1743\/revisions\/7224"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/1744"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=1743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=1743"},{"taxonomy":"post_tag
","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=1743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}