{"id":13500,"date":"2023-07-14T08:00:00","date_gmt":"2023-07-14T05:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=13500"},"modified":"2023-07-14T11:49:45","modified_gmt":"2023-07-14T08:49:45","slug":"kaspersky-andariel-kiberqrupunun-yeni-mur%c9%99kk%c9%99b-kampaniyasini-askarlayib","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=13500","title":{"rendered":"Kaspersky \u201cAndariel\u201d kiberqrupunun yeni m\u00fcr\u0259kk\u0259b kampaniyas\u0131n\u0131 a\u015fkarlay\u0131b"},"content":{"rendered":"\n

Kaspersky \u201cAndariel\u201d kiberqrupunun yeni m\u00fcr\u0259kk\u0259b kampaniyas\u0131n\u0131 a\u015fkarlay\u0131b<\/strong><\/p>\n\n\n\n

Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri \u201cLazarus\u201d-un t\u0259rkib hiss\u0259si olan \u201cAndariel\u201d kiberqrupunun arsenal\u0131nda yeni al\u0259t a\u015fkar edibl\u0259r – EarlyRat adland\u0131r\u0131lan uzaqdan giri\u015f troyan\u0131. \u201cAndariel\u201d onu DTrack<\/a> casus proqram\u0131 v\u0259 Maui<\/a> fidy\u0259 proqram\u0131 il\u0259 birlikd\u0259 istifad\u0259 edir.<\/p>\n\n\n\n

\u0130lkin yoluxma Log4j eksploytunun k\u00f6m\u0259yil\u0259 ba\u015f verir. Ondan istifad\u0259 edil\u0259n hallardan birini t\u0259hlil ed\u0259n Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri EarlyRat troyan versiyas\u0131n\u0131 a\u015fkar edibl\u0259r. T\u0259dqiqat zaman\u0131 m\u0259lum olub ki, z\u0259r\u0259rli proqram Log4j-d\u0259n istifad\u0259 ed\u0259r\u0259k a\u015fkar edilmi\u015f bo\u015fluq v\u0259 ya fi\u015finq s\u0259n\u0259dl\u0259rind\u0259ki linkl\u0259r vasit\u0259sil\u0259 cihaza daxil ola bil\u0259r.<\/p>\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

Fi\u015finq s\u0259n\u0259dinin n\u00fcmun\u0259si <\/em><\/em><\/p>\n\n\n\n

Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri \u0259mrl\u0259rin icras\u0131 prosesini yenid\u0259n yaratma\u011fa nail olublar. M\u0259lum olub ki, onlar t\u0259cr\u00fcb\u0259siz olma ehtimal\u0131 y\u00fcks\u0259k olan bir operator – insan t\u0259r\u0259find\u0259n h\u0259yata ke\u00e7irilib. \u00c7oxsayl\u0131 s\u0259hvl\u0259r v\u0259 yaz\u0131 s\u0259hvl\u0259ri bunu ayd\u0131n \u015f\u0259kild\u0259 s\u00fcbut edir, m\u0259s\u0259l\u0259n, “Program” \u0259v\u0259zin\u0259 “Prorgram” yaz\u0131lmas\u0131.<\/p>\n\n\n\n

EarlyRat z\u0259r\u0259rli proqram\u0131, bir \u00e7ox dig\u0259r Remote Access Trojans (RATs) kimi, aktivl\u0259\u015fdirildikd\u0259n sonra sistem m\u0259lumatlar\u0131n\u0131 toplay\u0131r v\u0259 m\u00fc\u0259yy\u0259n n\u00fcmun\u0259y\u0259 uy\u011fun olaraq komanda v\u0259 idar\u0259etm\u0259 serverin\u0259 g\u00f6nd\u0259rir. Onun \u00f6t\u00fcrd\u00fcy\u00fc m\u0259lumatlara yoluxmu\u015f ma\u015f\u0131nlar\u0131n unikal identifikatorlar\u0131 v\u0259 bu identifikatorlar\u0131n k\u00f6m\u0259yil\u0259 \u015fifr\u0259l\u0259n\u0259n sor\u011fular daxildir.<\/p>\n\n\n\n

Funksionall\u0131q bax\u0131m\u0131ndan EarlyRat troyan\u0131 sad\u0259dir v\u0259 \u0259sas\u0259n \u0259mrl\u0259ri icra etm\u0259kl\u0259 \u00f6z i\u015fini tamamlay\u0131r. O, \u201cLazarus\u201d arsenal\u0131na daxil olan z\u0259r\u0259rli proqram<\/a> \u201cMagicRat\u201d il\u0259 y\u00fcks\u0259k s\u0259viyy\u0259d\u0259 ox\u015farl\u0131\u011fa malikdir. Ox\u015farl\u0131qlar s\u0131ras\u0131na \u00e7\u0259r\u00e7iv\u0259l\u0259rin istifad\u0259si (MagicRat \u00fc\u00e7\u00fcn QT v\u0259 EarlyRat \u00fc\u00e7\u00fcn PureBasic) v\u0259 h\u0259r iki troyan\u0131n m\u0259hdud funksionall\u0131\u011f\u0131 daxildir.<\/p>\n\n\n\n

\u201cT\u0259rkibi d\u0259yi\u015fdiril\u0259n \u00e7oxlu kiberqruplar g\u00f6r\u00fcr\u00fck. M\u00fcxt\u0259lif n\u00f6v z\u0259r\u0259rli proqramlar aras\u0131nda ke\u00e7id ed\u0259r\u0259k, m\u00fcst\u0259qil qurumlar kimi q\u0259bul edil\u0259 bil\u0259n \u0259laq\u0259li t\u0259\u015fkilatlar da daxil olmaqla, dig\u0259r kiberqruplar\u0131n kodunun adaptasiyas\u0131 onlar \u00fc\u00e7\u00fcn adi bir t\u0259cr\u00fcb\u0259dir. M\u00fcr\u0259kk\u0259b \u0259m\u0259liyyatlara \u0259lav\u0259 olaraq, \u201cLazarus\u201d-un \u201cAndariel\u201d kimi altqruplar\u0131 fidy\u0259 proqramlar\u0131n\u0131n cihazlara daxil edilm\u0259si kimi daha tipik kibercinay\u0259tkarl\u0131q f\u0259aliyy\u0259tl\u0259rini h\u0259yata ke\u00e7irir. \u201cAndariel\u201d-in aq\u015fkar olundu\u011fu insidentl\u0259rd\u0259 oldu\u011fu kimi, taktika, texnika v\u0259 prosedurlar haqq\u0131nda bilik, \u0259laq\u0259l\u0259ndirm\u0259 vaxt\u0131n\u0131 \u0259h\u0259miyy\u0259tli d\u0259r\u0259c\u0259d\u0259 azalda v\u0259 h\u00fccumlar\u0131 ilkin m\u0259rh\u0259l\u0259d\u0259 a\u015fkarlaya bil\u0259r\u201d, – Qlobal T\u0259dqiqatlar v\u0259 T\u0259hl\u00fck\u0259l\u0259rin T\u0259hlili M\u0259rk\u0259zinin r\u0259hb\u0259ri \u0130qor Kuznetsov qeyd edir.<\/p>\n\n\n\n

\u201cAndariel\u201d kampaniyas\u0131 haqq\u0131nda \u0259trafl\u0131 m\u0259lumat\u0131 Securelist.ru sayt\u0131ndak\u0131 hesabatda g\u00f6r\u0259 bil\u0259rsiniz: https:\/\/securelist.com\/lazarus-andariel-mistakes-and-easyrat\/110119\/<\/a>.<\/p>\n\n\n\n

H\u0259d\u0259fli kiberh\u00fccumlar\u0131n riskl\u0259rini minimuma endirm\u0259k \u00fc\u00e7\u00fcn Kaspersky \u015firk\u0259tl\u0259r\u0259 t\u00f6vsiy\u0259 edir:<\/p>\n\n\n\n