{"id":4787,"date":"2018-03-13T13:14:07","date_gmt":"2018-03-13T10:14:07","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=4787"},"modified":"2022-05-05T14:27:56","modified_gmt":"2022-05-05T11:27:56","slug":"olimpiyat-katili-olimpiyatlari-kim-hackledi","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/olimpiyat-katili-olimpiyatlari-kim-hackledi\/4787\/","title":{"rendered":"Olimpiyat Katili: Olimpiyatlar\u0131 kim hackledi?"},"content":{"rendered":"<p>Ge\u00e7mi\u015fte, Olimpiyatlara kat\u0131lan b\u00fct\u00fcn \u00fclkeler oyunlar s\u0131ras\u0131nda sava\u015flar\u0131 durdurur, siyasi anla\u015fmazl\u0131klar\u0131n\u0131 bir kenara b\u0131rak\u0131rd\u0131. Bug\u00fcnlerde, bunun tam tersinin ya\u015fanmas\u0131 daha olas\u0131. PyeongChang K\u0131\u015f Olimpiyatlar\u0131 bir skandalla ba\u015flad\u0131: Kimli\u011fi belirsiz hackerlar<a href=\"https:\/\/www.reuters.com\/article\/us-olympics-2018-cyber\/games-organizers-confirm-cyber-attack-wont-reveal-source-idUSKBN1FV036\" target=\"_blank\" rel=\"noopener nofollow\"> tam a\u00e7\u0131l\u0131\u015f merasiminden \u00f6nce sunuculara sald\u0131rd\u0131lar<\/a> ve bir\u00e7ok izleyici, biletlerini yazd\u0131ramad\u0131klar\u0131ndan dolay\u0131 bu merasime kat\u0131lamad\u0131.<\/p>\n<p>Olimpiyat Katili olarak adland\u0131r\u0131lan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, oyunlar\u0131n yay\u0131n\u0131n\u0131 bozup, Olimpiyatlar\u0131n resmi sitesini ve stadyumdaki kablosuz internet sistemini \u00e7\u00f6kertti. Organizasyon Komitesi, ciddi s\u0131k\u0131nt\u0131lar ya\u015fanmayaca\u011f\u0131 s\u00f6z\u00fcn\u00fc verdi ama b\u00fct\u00fcn bu \u015famata az\u0131msanacak bir durum de\u011fil. Bu y\u00fczden, tam olarak neler ya\u015fand\u0131\u011f\u0131n\u0131 ve sald\u0131r\u0131n\u0131n arkas\u0131nda kimin oldu\u011funu bulmak ilgin\u00e7 olabilir.<\/p>\n<h2>Olimpiyat Katili nas\u0131l \u00e7al\u0131\u015f\u0131yor<\/h2>\n<p>Yay\u0131lma mekani\u011fini a\u00e7\u0131s\u0131ndan bakt\u0131\u011f\u0131m\u0131zda, Olimpiyat Katili bir a\u011f solucan\u0131. Uzmanlar\u0131m\u0131z, ilk olarak ele ge\u00e7irilen ve solucan\u0131 yaymak i\u00e7in kullan\u0131lan \u00fc\u00e7 ba\u015flama noktas\u0131 ke\u015ffettiler: <a href=\"http:\/\/pyeongchang2018.com\" target=\"_blank\" rel=\"noopener nofollow\">pyeongchang2018.com<\/a>, kayak merkezlerinin a\u011f sunucular\u0131 ve Atos\u2019un sunucular\u0131, son olarak da bili\u015fim hizmeti sa\u011flay\u0131c\u0131s\u0131.<\/p>\n<p>Solucan, bu platformlar arac\u0131l\u0131\u011f\u0131yla Windows a\u011f payla\u015f\u0131mlar\u0131n\u0131 kullanarak a\u011f i\u00e7inde otomatik olarak yay\u0131ld\u0131. Yay\u0131ld\u0131k\u00e7a, solucandan etkinlenmi\u015f olan bilgisayardaki parolalar\u0131 \u00e7al\u0131p, kendini bunlar\u0131n \u00fczerine yazarak daha da h\u0131zland\u0131. Olimpiyat Katili\u2019nin nihai amac\u0131, soluncan\u0131n ula\u015fabildi\u011fi a\u011f s\u00fcr\u00fcc\u00fcndeki dosyalar\u0131 silmek ve etkiledi\u011fi sistemleri \u00e7\u00f6kertmekti.<\/p>\n<h2>Partinin tad\u0131n\u0131 kim ka\u00e7\u0131rd\u0131?<\/h2>\n<p>Haberciler ve blog yazarlar\u0131, Olimpiyatlar\u0131n a\u00e7\u0131l\u0131\u015f merasimini kimin, niye sabote etmeye \u00e7al\u0131\u015ft\u0131\u011f\u0131na dair s\u00f6ylentiler yazd\u0131lar. Kuzey Kore, oyunlar ba\u015flamadan \u00f6nce bile \u015f\u00fcpheli konumundayd\u0131: Kuzey Korelilerin Organizasyon Komitesi\u2019nin bilgisayarlar\u0131n\u0131 g\u00f6zetledi\u011fi iddia ediliyordu.<\/p>\n<p>Sonras\u0131nda da do\u011fal olarak Ruslardan \u015f\u00fcphe duyuldu: Sonu\u00e7ta Rus tak\u0131m\u0131ndan sadece belirli ki\u015filerin, sert k\u0131s\u0131tlamalar alt\u0131nda yar\u0131\u015fmaya kat\u0131lmas\u0131na izin verilmi\u015fti ve ulusal bayraklar\u0131 yasakl\u0131yd\u0131. Ancak ara\u015ft\u0131rmac\u0131lar Olimpiyat Katili ve \u00c7inli siber su\u00e7lular\u0131n yapt\u0131\u011f\u0131 ba\u015fka bir k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m aras\u0131nda benzerlikler ke\u015ffettiklerinde, \u015f\u00fcpheler \u00c7in\u2019e kayd\u0131.<\/p>\n<h2>Kaspersky Lab g\u00f6rev ba\u015f\u0131nda<\/h2>\n<p>Toplumun geneli sadece tahmin y\u00fcr\u00fct\u00fcrken, siber g\u00fcvenlik uzmanlar\u0131 kan\u0131t pe\u015finde ko\u015ftular. Kaspersky Lab de kendi incelemesini ba\u015flatt\u0131.<\/p>\n<p>Ba\u015flarda, herkes gibi bizim uzmanlar\u0131m\u0131z da Kuzey Koreli siber su\u00e7lulardan, daha spesifik olarak <a href=\"https:\/\/www.kaspersky.com\/blog\/operation-blockbuster\/11407\/\" target=\"_blank\" rel=\"noopener nofollow\">Lazarus Grubu<\/a>\u2018ndan ku\u015fkulan\u0131yordu. Olimpiyat Katili\u2019nin bir \u00f6rne\u011fini inceledikten sonra, ara\u015ft\u0131rmac\u0131lar\u0131m\u0131z do\u011frudan Lazarus\u2019a i\u015faret eden bir grup dijital parmak izi buldular.<\/p>\n<p>Ancak uzmanlar\u0131m\u0131z i\u015fin daha da derinine indik\u00e7e, bir\u00e7ok uyu\u015fmazl\u0131k ke\u015ffetti. Bulunan b\u00fct\u00fcn \u201c\u00f6rnekleri\u201d tekrar g\u00f6zden ge\u00e7irdikten ve kod \u00fczerine \u00e7al\u0131\u015ft\u0131ktan sonra, kesin kan\u0131t olarak g\u00f6r\u00fcnen \u015feyin asl\u0131nda \u00e7ok detayl\u0131 bir taklit, yani bir sahte bayrak oldu\u011funu fark ettiler.<\/p>\n<p>Bunun d\u0131\u015f\u0131nda, uzmanlar\u0131m\u0131z Olimpiyat Katili\u2019ni incelerken, tamamen farkl\u0131 bir Rus hacker grubu olan <a href=\"https:\/\/www.kaspersky.com\/blog\/sofacy-2017-update\/21227\/\" target=\"_blank\" rel=\"noopener nofollow\">Sofacy<\/a>\u2018e (APT28 ya da Fancy Bear olarak da biliniyor) i\u015faret eden kan\u0131tlar buldular. Ancak bu kan\u0131t\u0131n da sahte oldu\u011fu ihtimalini kafam\u0131zdan silmemeliyiz. Konu \u00fcst seviye siber casusluk oldu\u011funda, hi\u00e7bir \u015feyden y\u00fczde y\u00fcz emin olamay\u0131z.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"gandalf30\">\n","protected":false},"excerpt":{"rendered":"<p>Ge\u00e7mi\u015fte, Olimpiyatlara kat\u0131lan b\u00fct\u00fcn \u00fclkeler oyunlar s\u0131ras\u0131nda sava\u015flar\u0131 durdurur, siyasi anla\u015fmazl\u0131klar\u0131n\u0131 bir kenara b\u0131rak\u0131rd\u0131. Bug\u00fcnlerde, bunun tam tersinin ya\u015fanmas\u0131 daha olas\u0131. PyeongChang K\u0131\u015f Olimpiyatlar\u0131 bir skandalla ba\u015flad\u0131: Kimli\u011fi belirsiz hackerlar tam a\u00e7\u0131l\u0131\u015f merasiminden \u00f6nce sunuculara sald\u0131rd\u0131lar ve bir\u00e7ok izleyici, biletlerini yazd\u0131ramad\u0131klar\u0131ndan dolay\u0131 bu merasime kat\u0131lamad\u0131.<\/p>\n","protected":false},"author":2706,"featured_media":4788,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1352,1351],"tags":[1566,493,667,1567,352,1454,1568,522,337,333,1532,1569],"class_list":{"0":"post-4787","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-special-projects","9":"category-threats","10":"tag-thesas2018","11":"tag-apt","12":"tag-arastirma","13":"tag-hedef-odakli-saldiri","14":"tag-kaspersky-lab","15":"tag-lazarus","16":"tag-olimpiyat-katili","17":"tag-olimpiyatlar","18":"tag-sas","19":"tag-security-analyst-summit","20":"tag-sofacy","21":"tag-the-sas-2018"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/olimpiyat-katili-olimpiyatlari-kim-hackledi\/4787\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/thesas2018\/","name":"#TheSas2018"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4787","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=4787"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4787\/revisions"}],"predecessor-version":[{"id":6956,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4787\/revisions\/6956"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/4788"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=4787"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=4787"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=4787"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}