{"id":15290,"date":"2023-09-01T10:00:00","date_gmt":"2023-09-01T07:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=15290"},"modified":"2023-09-03T11:26:33","modified_gmt":"2023-09-03T08:26:33","slug":"trianqulyasiya-%c9%99m%c9%99liyyati-n%c9%99dir","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=15290","title":{"rendered":"What is \u201cOperation Triangulation\u201d?"},"content":{"rendered":"\n<p class=\"has-medium-font-size\"><strong>What is \u201cOperation Triangulation\u201d?<\/strong><\/p>\n\n\n\n<p>\u201cOperation Triangulation\u201d is an APT (Advanced Persistent Threat \u2013 a highly sophisticated, persistent targeted attack) campaign in which devices running the iOS operating system were attacked.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2.png\" alt=\"\" class=\"wp-image-8743\" width=\"409\" height=\"272\" srcset=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2.png 1024w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2-300x200.png 300w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2-768x512.png 768w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2-360x240.png 360w\" sizes=\"(max-width: 409px) 100vw, 409px\" \/><\/figure><\/div>\n\n\n<p><strong>What was its goal?<\/strong><\/p>\n\n\n\n<p>The attackers' goal was espionage. The spyware transmitted data from the victim's device to remote servers. 
The attackers were interested in microphone recordings, photos from messengers, geolocation and other user data.<\/p>\n\n\n\n<p><strong>Who exposed the attackers, and how?<\/strong><\/p>\n\n\n\n<p>Kaspersky experts detected the attacks with the help of the \u201cKaspersky Unified Monitoring and Analysis Platform (KUMA)\u201d SIEM system. This happened while analyzing network traffic captured from our own corporate Wi-Fi network. Further investigation revealed that the attackers had attacked network-connected iOS devices belonging to dozens of \u201cKaspersky\u201d employees.<\/p>\n\n\n\n<p><strong>How were the attacks carried out?<\/strong><\/p>\n\n\n\n<p>Previously unknown malware was used for the attack. The malware penetrated the victim's device using an exploit delivered covertly via iMessage. Using it, the attackers gained full control over the infected device and access to all data. No action by the user was required. 
Afterwards, the message that caused the infection was deleted automatically.<\/p>\n\n\n\n<p>\u201cKaspersky\u201d experts also found that the attackers used a spyware implant called \u201cTriangleDB\u201d to collect data. It is sophisticated spyware that enables covert surveillance. \u201cTriangleDB\u201d is deployed to the device after a kernel vulnerability has been successfully exploited to obtain superuser privileges on the iOS device. It runs only in the device's memory, so traces of the infection disappear after the device is rebooted. If the victim reboots the device, it has to be reinfected by sending an \u201ciMessage\u201d with a malicious attachment again.<\/p>\n\n\n\n<p><strong>Is it possible to check whether an iOS device is infected?<\/strong><\/p>\n\n\n\n<p>After the attacks were discovered, \u201cKaspersky\u201d developed the \u201ctriangle_check\u201d tool, which can be used to check whether an iOS device is infected. Users can also run an automated search for traces of spyware infection. To do this, download \u201ctriangle_check\u201d from \u201cGitHub\u201d to your computer, run it, and use it to check a backup of the iOS device. 
Detailed instructions are available on the <a href=\"https:\/\/securelist.ru\/find-the-triangulation-utility\/107494\/\">Securelist<\/a> website. More information about \u201cOperation Triangulation\u201d is available here: <a href=\"https:\/\/securelist.ru\/trng-2023\/\">https:\/\/securelist.ru\/trng-2023\/<\/a> (in Russian) and <a href=\"https:\/\/securelist.com\/trng-2023\/\">https:\/\/securelist.com\/trng-2023\/<\/a> (in English).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is \u201cOperation Triangulation\u201d? \u201cOperation Triangulation\u201d is an APT (Advanced Persistent Threat \u2013 a highly sophisticated, persistent targeted attack) campaign in which devices running the iOS operating system were attacked. What was its goal? The attackers' goal was espionage. 
The spyware&#8230;<\/p>\n","protected":false},"author":2,"featured_media":8743,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/15290"}],"collection":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15290"}],"version-history":[{"count":1,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/15290\/revisions"}],"predecessor-version":[{"id":15291,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/15290\/revisions\/15291"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/media\/8743"}],"wp:attachment":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}