{"id":4332,"date":"2017-10-25T16:49:21","date_gmt":"2017-10-25T13:49:21","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=4332"},"modified":"2022-05-05T14:27:58","modified_gmt":"2022-05-05T11:27:58","slug":"internal-investigation-preliminary-results","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/internal-investigation-preliminary-results\/4332\/","title":{"rendered":"Preliminary results of the internal investigation into allegations reported in US media (updated with new findings)"},"content":{"rendered":"<h2>FAQ SUMMARY<\/h2>\n<p><strong>\u2014 What is this internal investigation about?<\/strong><\/p>\n<p>\u2014 In October 2017, some US media outlets alleged that classified information had been leaked in a 2015 incident involving Kaspersky Security Network and the NSA. We decided to check everything again.<\/p>\n<p><strong>\u2014 Were you able to find any information about the alleged incident?<\/strong><\/p>\n<p>\u2014 No, we found no information about the incident alleged to have taken place in 2015. However, there was an incident in 2014 that resembles what was described in the media reports.<\/p>\n<p><strong>\u2014 What exactly happened in that incident?<\/strong><\/p>\n<p>\u2014 Our product detected previously known Equation malware on a user\u2019s system. Later, on the same system, it detected a backdoor unrelated to Equation that originated from a pirated copy of Microsoft Office, and a 7-Zip archive containing samples of previously unknown malware.
After detecting these, our product sent the archive to our antivirus researchers for analysis. It turned out that the archive contained malware source code that appeared to be related to the Equation Group, as well as several Word documents bearing classification markings.<\/p>\n<p><strong>\u2014 What was the backdoor?<\/strong><\/p>\n<p>\u2014 It was the Mokes backdoor, also known as \u201cSmoke Bot\u201d or \u201cSmoke Loader\u201d. What is interesting about this malware is that it was available for purchase on Russian underground forums in 2011. It is also worth noting that, during October and November 2014, the command-and-control servers of this malware were registered to (presumably) a Chinese company named \u201cZhou Lou\u201d.<\/p>\n<p><strong>\u2014 Was this the only malware that had infected the PC in question?<\/strong><\/p>\n<p>\u2014 That is hard to determine: our product had been disabled on the system for a long period. However, while it was enabled, our product reported 121 alerts for various malware unrelated to Equation, including backdoors, exploits, Trojans and adware.
So it appears this PC was a popular target for malware.<\/p>\n<p><strong>\u2014 Did your software deliberately look for this archive by searching for words such as \u201ctop secret\u201d or \u201cclassified\u201d?<\/strong><\/p>\n<p>\u2014 No, it did not. The malicious archive was detected automatically by our proactive protection technologies.<\/p>\n<p><strong>\u2014 Did you share this archive and\/or the files it contained with any third party?<\/strong><\/p>\n<p>\u2014 No, we did not. In fact, we deleted the archive immediately at the request of our CEO.<\/p>\n<p><strong>\u2014 Why did you delete these files?<\/strong><\/p>\n<p>\u2014 Because to improve our protection we do not need source code, let alone classified Word documents. Compiled files (binaries) are enough for us. Those, and <em>only <\/em>those, are the files we keep.<\/p>\n<p><strong>\u2014 Did you find any evidence that your corporate network was compromised?<\/strong><\/p>\n<p>\u2014 Apart from the Duqu 2.0 incident, we found no evidence of compromise. We had already disclosed Duqu 2.0 publicly after it happened.<\/p>\n<p><strong>\u2014 Are you prepared to share your data with a third party?<\/strong><\/p>\n<p>\u2014 Yes, we are prepared to share all of our data for an independent audit.
While our investigation continues, you can review the technical details in this report of ours on Securelist.<\/p>\n<h2>CONCLUSION<\/h2>\n<p>In November 2017, Kaspersky Lab began a thorough review of its telemetry logs in relation to the alleged 2015 incidents reported in the media. The only incident we have been aware of so far occurred in 2014 during an APT investigation, when our detection subsystems caught what appeared to be Equation malware source code files. As part of the investigation, it was decided to check whether there had been any other similar incidents. It was also decided to investigate whether any third party other than Duqu 2.0 had gained unauthorized access to our systems at the time of the alleged 2015 incident.<\/p>\n<p>We carried out a thorough investigation of the 2014 case.
The preliminary results of this investigation are as follows:<\/p>\n<ul>\n<li>During the Equation APT (Advanced Persistent Threat) investigation, this threat was observed to have spread to more than 40 countries around the world.<\/li>\n<li>This malware was also found to have infected some devices in the US.<\/li>\n<li>As a routine procedure, Kaspersky Lab informs the relevant US government institutions about active APT attacks in the US.<\/li>\n<li>One of the infections detected in the US consisted of new and unknown debug variants used by the Equation group.<\/li>\n<li>In the incident where the new Equation samples were detected, our product line for home users was in use. With KSN enabled, automatic submission of samples of new and unknown malware was enabled as well.<\/li>\n<li>The first detection of Equation malware in this incident took place on September 11, 2014. The following sample was detected:<br>\n\u25cb 44006165AABF2C39063A419BC73D790D<br>\n\u25cb mpdkg32.dll<br>\nVerdict: HEUR:Trojan.Win32.GrayFish.gen<\/li>\n<li>After these detections, the user downloaded and installed pirated software on their machine, as indicated by an illegal Microsoft Office activation key generator (also known as a \u201ckeygen\u201d).
(md5: a82c0575f214bdc7c8ef5a06116cd2a4; it turned out to be infected with malware, for detection coverage <a href=\"https:\/\/www.virustotal.com\/#\/file\/6bcd591540dce8e0cef7b2dc6a378a10d79f94c3217bca5f05db3c24c2036340\/detection\" target=\"_blank\" rel=\"noopener nofollow\">see this VirusTotal link<\/a>). Kaspersky Lab products detected this malware with the verdict <strong>Backdoor.Win32.Mokes.hvl<\/strong>.<\/li>\n<li>The malware was detected inside a folder named \u201cOffice-2013-PPVL-x64-en-US-Oct2013.iso\u201d. This points to an ISO image mounted on the system as a virtual drive\/folder.<\/li>\n<li>Detection for <strong>Backdoor.Win32.Mokes.hvl<\/strong> (the fake keygen) has been available in Kaspersky Lab products since 2013.<\/li>\n<li>The first detection of the malicious (fake) keygen on this machine took place on October 4, 2014.<\/li>\n<li>To install and run this keygen, the user disabled the Kaspersky products on the machine. The telemetry does not show exactly when the antivirus was disabled. However, the fact that the keygen malware was later found running on the system shows that the antivirus had been disabled or was not running when the keygen was run.
It is impossible to execute the keygen tool while the antivirus is enabled.<\/li>\n<li>The user was infected with this malware for an unspecified period while the product was inactive. The malware dropped by the trojanized keygen is a full-blown backdoor that may have allowed third parties to access the user\u2019s machine.<\/li>\n<li>Later, the user re-enabled the antivirus, and the product detected this malware (verdict: \u201c<strong>Backdoor.Win32.Mokes.hvl<\/strong>\u201d) and blocked it from running further.<\/li>\n<li>As part of our ongoing investigation, Kaspersky Lab researchers took a deeper look at this backdoor and at the other non-Equation, threat-related telemetry sent from this computer. It is publicly known that the Mokes backdoor (also known as \u201cSmoke Bot\u201d or \u201cSmoke Loader\u201d) appeared on Russian underground forums and was made available for purchase in 2011. Kaspersky Lab research shows that, during October and November 2014, the command-and-control servers of this malware were registered to (presumably) a Chinese company named \u201cZhou Lou\u201d.
A technical analysis of the Mokes backdoor <a href=\"https:\/\/kasperskycontenthub.com\/securelist\/files\/2017\/11\/Appendix_Mokes-SmokeBot_analysis.pdf\" target=\"_blank\" rel=\"noopener nofollow\">can be found here<\/a>.<\/li>\n<li>Over a period of two months, the product installed on the system in question reported alerts on 121 items unrelated to Equation, including backdoors, exploits, Trojans and adware. The limited amount of available telemetry allows us to confirm that our product spotted these threats. However, it is impossible to determine whether these threats were executing during the period when the product was disabled. Kaspersky Lab continues to research the other malicious samples, and further results will be published as soon as the analysis is complete.<\/li>\n<li>After being infected with the <strong>Backdoor.Win32.Mokes.hvl<\/strong> malware, the user scanned the computer multiple times, and these scans resulted in detections of new and unknown variants of Equation APT malware.<\/li>\n<li>The last detection on this machine was on November 17, 2014.<\/li>\n<li>One of the files detected by the product as a new variant of Equation APT malware was a 7zip archive.<\/li>\n<li>The archive itself was detected as malicious and submitted to Kaspersky Lab for analysis, where it was processed by one of our analysts. Upon processing, the archive was found to contain multiple malware samples, source code that appeared to belong to Equation malware, and four Word documents bearing classification markings.<\/li>\n<li>After discovering the suspected Equation malware source code, the analyst reported the incident to the CEO. Following a request from the CEO, the archive was deleted from all of our systems. The archive was not shared with any third party.<\/li>\n<li>Because of this incident, a new policy was created for all malware analysts: analysts are now required to delete any potentially classified material that is accidentally collected during malware research.<\/li>\n<li>There are two reasons why Kaspersky Lab deleted these files and will continue to delete similar files in the future. First, we need only malware binaries to improve protection.
Second, we have concerns about the handling of potentially classified material.<\/li>\n<li>No further detections were received from this user in 2015.<\/li>\n<li>Following our Equation announcement in February 2015, several users with KSN enabled were seen in the same IP range as the original detection. These computers are presumed to have been configured as \u201choneypots\u201d, with each computer loaded with various Equation-related samples. No unusual (non-executable) samples were detected or submitted from these \u201choneypots\u201d, and the detections were not processed in any special way.<\/li>\n<li>The investigation has not revealed any other related incidents in 2015, 2016 or 2017.<\/li>\n<li>No unauthorized third-party access other than Duqu 2.0 was detected in Kaspersky Lab\u2019s networks.<\/li>\n<li>The investigation confirmed that Kaspersky Lab products have never detected non-threatening (non-malicious) documents on the basis of keywords such as \u201ctop secret\u201d and \u201cclassified\u201d.<\/li>\n<\/ul>\n<p>We believe the above is an accurate analysis of the 2014 incident. The investigation is still ongoing, and the company will share new technical information as it becomes available.
We are planning to share full information about this incident, including technical details, with a trusted third party for cross-verification as part of our <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/transparency-initiative\/4318\/\" target=\"_blank\" rel=\"noopener\">Global Transparency Initiative<\/a>.<\/p>\n<p><strong>This post was updated on October 27, 2017, to add timestamps and an FAQ. New findings were added on November 16, 2017. More technical details are available in <\/strong><a href=\"https:\/\/securelist.com\/investigation-report-for-the-september-2014-equation-malware-detection-incident-in-the-us\/83210\/\" target=\"_blank\" rel=\"noopener\">this report published on Securelist<\/a><strong>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In October 2017, we began a thorough review of our telemetry logs in relation to the alleged 2015 incidents reported in the media.
These are the preliminary results.<\/p>\n","protected":false},"author":2706,"featured_media":2886,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[493,1411,1412,197,1414,1416,1415,1413],"class_list":{"0":"post-4332","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-apt","9":"tag-arka-kapi","10":"tag-backdoor","11":"tag-duqu","12":"tag-duqu-2-0","13":"tag-equation","14":"tag-keygen","15":"tag-tespit"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/internal-investigation-preliminary-results\/4332\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/internal-investigation-preliminary-results\/11668\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/internal-investigation-preliminary-results\/9727\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/internal-investigation-preliminary-results\/13084\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/internal-investigation-preliminary-results\/12003\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/internal-investigation-preliminary-results\/11632\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/internal-investigation-preliminary-results\/14660\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/internal-investigation-preliminary-results\/14381\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/internal-investigation-preliminary-results\/19108\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/internal-investigation-preliminary-results\/19894\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/internal-investigation-preliminary-results\/9792\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/internal-investigation-preliminary-results\/8412\/"}
,{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/internal-investigation-preliminary-results\/8742\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/internal-investigation-preliminary-results\/18783\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/internal-investigation-preliminary-results\/18967\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/internal-investigation-preliminary-results\/18956\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/equation\/","name":"Equation"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=4332"}],"version-history":[{"count":7,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4332\/revisions"}],"predecessor-version":[{"id":4420,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4332\/revisions\/4420"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/2886"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=4332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=4332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=4332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}