{"id":6553,"date":"2019-10-17T12:42:59","date_gmt":"2019-10-17T09:42:59","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=6553"},"modified":"2019-11-15T14:22:52","modified_gmt":"2019-11-15T11:22:52","slug":"operation-puss-in-boots","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/operation-puss-in-boots\/6553\/","title":{"rendered":"The &#8220;Puss in Boots&#8221; APT campaign"},"content":{"rendered":"<p>Have you ever thought about what you would answer if your precocious child asked, &#8220;What is a politically motivated APT attack?&#8221; The answer is actually very simple. All you need to do is read Charles Perrault&#8217;s Puss in Boots together, looking at it from a cybersecurity perspective. After all, if we set aside artistic details such as talking cats and ogres, the tale is a splendid example of a complex multi-vector APT attack carried out against a (fictional) state. Let&#8217;s unravel this crime together.<\/p>\n<p>The tale begins with a miller who, upon his death, leaves everything he has to his sons. The youngest son&#8217;s share of the inheritance is the contact details of someone who goes by the alias Puss in Boots; this person is plainly a hacker for hire: as you will remember from Shrek 2, this smooth-talking cat not only wears his trademark boots but also sports a black hat. 
After a brief conversation with his client, the cybercriminal devises a dastardly plan to seize power in the country.<\/p>\n<h2>Establishing the supply chain<\/h2>\n<ol>\n<li>The cat catches a rabbit and presents it to the king as a gift from his master, the miller&#8217;s son, whom he claims to be the Marquis of Carabas.<\/li>\n<li>Next, the cat catches two partridges and takes them to the king as well, as gifts from the marquis.<\/li>\n<li>For several months, the cat continues to present game to the king, claiming it comes from the marquis.<\/li>\n<\/ol>\n<p>Before this whole scheme began, nobody knew the Marquis of Carabas; after this preparatory phase, the marquis is known at court as a trusted supplier of game. The royal guards have at least two glaring flaws. First, the guards should have become suspicious when an unknown person started sending game to the palace. After all, everyone knows there is no such thing as a free lunch. Second, the first thing to do when taking on a new supplier is to check its reputation.<\/p>\n<h2>Social engineering to open the door<\/h2>\n<ol start=\"4\">\n<li>Next, the cat takes his &#8220;master&#8221; to the river and persuades him to take off his clothes and get into the water. 
As the king&#8217;s carriage passes by, the cat calls for help, saying that the marquis&#8217;s clothes were stolen while he was swimming.<\/li>\n<\/ol>\n<p>The cat is playing two tricks here: he claims that the wet young man is not some random stranger but a trusted supplier of game, and he also points out that, as someone who has previously offered his own help selflessly, the man now needs support. Without his clothes, the fake marquis cannot verify his own identity. The king falls for this simple trick and takes the fake identity for a real one. This is a classic example of social engineering.<\/p>\n<h2>A &#8220;watering hole&#8221; attack through the ogre&#8217;s website<\/h2>\n<ol start=\"5\">\n<li>The cat arrives at the ogre&#8217;s castle as a guest of honor and asks his host to demonstrate his magical abilities. Flattered, the ogre turns himself into a lion. Pretending to be frightened, the cat says that anyone can turn into a huge beast, and that the real feat is being able to turn into a small creature. The gullible ogre turns into a mouse, and his life ends between the cat&#8217;s paws.<\/li>\n<\/ol>\n<p>To complete the deception, the marquis needs a website. What supplier doesn&#8217;t have one? Creating a site from scratch is a pointless effort: such a site would have no history, and its creation date would arouse suspicion. So he decides to take over an existing site. Here Perrault has roughly described a vulnerability involving lax access permissions. 
The cat logs in as an external penetration tester and persuades the local administrator to do various things in the access control system. The administrator first elevates his own privileges to root (the lion), then lowers them to guest (the mouse). As soon as that happens, the cat deletes the account with &#8220;mouse&#8221; permissions and becomes the sole administrator of the website.<\/p>\n<p>This is what happens when social engineering goes as planned. The victim visits the website, which has by now become malicious, and, by making a deal on it, hands his valuable assets (in this tale, the throne) to the hacker. Of course, he does not do so directly: the king in the tale believes he is marrying his daughter to the fake marquis.<\/p>\n<h2>Supply-chain attack<\/h2>\n<p>Perrault does not tell us what happens next, but if you have been paying attention so far, you will have seen that by the end of the tale the Marquis of Carabas<\/p>\n<ul>\n<li>has become the king&#8217;s trusted supplier by providing game for the royal table for several months, and<\/li>\n<li>has married the king&#8217;s only daughter.<\/li>\n<\/ul>\n<p>Now the only thing standing between him and unlimited power is the old man sitting on the throne. 
To become sole ruler, all he has to do is inject a deadly virus into the next partridge, then sit back and wait.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Charles Perrault explains how hackers for hire use social engineering and &#8220;watering hole&#8221; attacks for political ends.<\/p>\n","protected":false},"author":700,"featured_media":6554,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194,995],"tags":[493,661,2041,1611,537,2039,2040],"class_list":{"0":"post-6553","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"category-technology","10":"tag-apt","11":"tag-cocuklar","12":"tag-peri-masallari","13":"tag-tedarik-zinciri","14":"tag-tehditler","15":"tag-toplumsal-muhendislik","16":"tag-watering-hole"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/operation-puss-in-boots\/6553\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/operation-puss-in-boots\/16781\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/operation-puss-in-boots\/14170\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/operation-puss-in-boots\/18768\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/operation-puss-in-boots\/16815\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/operation-puss-in-boots\/15560\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/operation-puss-in-boots\/19468\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/operation-puss-in-boots\
/18129\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/operation-puss-in-boots\/23771\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/operation-puss-in-boots\/28963\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/operation-puss-in-boots\/12415\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/operation-puss-in-boots\/12466\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/operation-puss-in-boots\/11331\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/operation-puss-in-boots\/20371\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/operation-puss-in-boots\/24354\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/operation-puss-in-boots\/24789\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/operation-puss-in-boots\/19234\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/operation-puss-in-boots\/23550\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/operation-puss-in-boots\/23400\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/tehditler\/","name":"tehditler"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6553","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=6553"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6553\/revisions"}],"predecessor-version":[{"id":6711,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6553\/revisions\/6711"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\
/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/6554"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=6553"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=6553"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=6553"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}