{"id":5914,"date":"2019-05-03T12:35:29","date_gmt":"2019-05-03T09:35:29","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=5914"},"modified":"2019-11-15T14:29:28","modified_gmt":"2019-11-15T11:29:28","slug":"details-shadow-hammer","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/details-shadow-hammer\/5914\/","title":{"rendered":"ShadowHammer: New details"},"content":{"rendered":"<p><a href=\"https:\/\/www.kaspersky.com.tr\/blog\/shadow-hammer-teaser\/5807\/\" target=\"_blank\" rel=\"noopener noreferrer\">In our previous post about the ShadowHammer operation<\/a>, we promised to provide more details. Although the investigation is still ongoing, our researchers are ready to share new details about this sophisticated supply-chain attack.<\/p>\n<h3>Scale of the operation<\/h3>\n<p>As we mentioned earlier, ASUS was not the only company used by the attackers. While studying this case, our experts found other samples that used similar algorithms. 
As in the ASUS case, the samples used digitally signed binaries from three other Asian vendors:<\/p>\n<ul>\n<li>Electronics Extreme, authors of the zombie survival game Infestation: Survivor Stories,<\/li>\n<li>Innovative Extremist, a company that provides Internet and IT infrastructure services but also used to work in game development,<\/li>\n<li>Zepetto, the South Korean company that developed the video game Point Blank.<\/li>\n<\/ul>\n<p>According to our researchers, the attackers either had access to the source code of the victims' projects or injected malware during project compilation, which means they were inside those companies' networks. This reminds us of an attack reported a year ago: <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/ccleaner-supply-chain\/4819\/\" target=\"_blank\" rel=\"noopener noreferrer\">the CCleaner incident<\/a>.<\/p>\n<p>In addition, our experts identified three more victims: another video game company, a conglomerate, and a pharmaceutical company, all in South Korea. For now we cannot share additional details about these victims, because we are in the process of notifying them about the attacks.<\/p>\n<h3>End goals<\/h3>\n<p>In the Electronics Extreme, Innovative Extremist, and Zepetto cases, the compromised software delivered a fairly simple payload to the victims' systems. It could collect information about user names, computer specifications, and operating system versions. 
It could also download malicious payloads from C&amp;C servers, so, unlike in the ASUS case, the list of potential victims was not limited to MAC addresses.<\/p>\n<p>Moreover, the list of more than 600 MAC addresses did not limit the targets to 600 (and then some); at least one of them belongs to a virtual Ethernet adapter. All users of that device share the same MAC address.<\/p>\n<p>For more technical information, see our <a href=\"https:\/\/securelist.com\/operation-shadowhammer-a-high-profile-supply-chain-attack\/90380\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Securelist<\/a> post.<\/p>\n<h3>How to avoid becoming a link in a supply-chain attack<\/h3>\n<p>What all of the cases mentioned above have in common is that the attackers held valid certificates and compromised their victims' development environments. Our experts therefore recommend that software vendors introduce another procedure into their software production process that checks their software for potential malware injections even after the code has been digitally signed.<\/p>\n<p>To prevent attacks like these, you need experienced, expert threat hunters, and we have them. 
With Targeted Attack Discovery, our experts help you identify current cybercriminal and espionage activity in your network so that you can understand the underlying reasons for the incidents and their possible sources. In addition, we can provide Kaspersky Managed Protection, which offers round-the-clock monitoring and continuous analysis of cyberthreat data. To learn more about how our security analysts detect advanced threats, visit the <a href=\"https:\/\/www.kaspersky.com.tr\/enterprise-security\/threat-hunting\" target=\"_blank\" rel=\"noopener noreferrer\">Kaspersky Threat Hunting<\/a> page.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It appears that the ASUS incident was only one part of a large-scale operation. <\/p>\n","protected":false},"author":40,"featured_media":5915,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[1887,1126,337,1908,1611],"class_list":{"0":"post-5914","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-thesas2019","10":"tag-guncelleme","11":"tag-sas","12":"tag-sas-2019","13":"tag-tedarik-zinciri"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/details-shadow-hammer\/5914\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/details-shadow-hammer\/15663\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/details-shadow-hammer\/13200\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/details-shadow-hammer\/17576\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/de
tails-shadow-hammer\/15722\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/details-shadow-hammer\/14435\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/details-shadow-hammer\/18309\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/details-shadow-hammer\/17225\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/details-shadow-hammer\/22657\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/details-shadow-hammer\/26597\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/details-shadow-hammer\/11697\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/details-shadow-hammer\/10633\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/details-shadow-hammer\/19084\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/details-shadow-hammer\/23118\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/details-shadow-hammer\/18313\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/details-shadow-hammer\/22506\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/details-shadow-hammer\/22443\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/sas\/","name":"SAS"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5914","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5914"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5914\/revisions"}],"predecessor-version":[{"id":6795,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/post
s\/5914\/revisions\/6795"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/5915"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5914"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5914"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5914"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}