"StripedFly": a miner-worm with sophisticated code and espionage capabilities

Published on rockvell.com, 7 November 2023.

Kaspersky experts have discovered a previously unknown and extremely sophisticated malicious program named "StripedFly". Since 2017, more than one million users worldwide have fallen victim to it, and although it is now less active, it continues to attack. For a long time it was assumed to be an ordinary cryptominer, but it later turned out to be a sophisticated, multi-functional program built on a functional framework. Kaspersky researchers presented their findings at the Security Analyst Summit (https://thesascon.com/).

In 2022, specialists from Kaspersky's Global Research and Analysis Team (GReAT) discovered two new incidents involving this malware. Both were related to the "wininit.exe" system process in Windows. Inside that process, a code sequence previously used in the "Equation" malware was found. Although the activity of the discovered samples dates back to at least 2017, the malware was not studied thoroughly at the initial analysis stage because it had earlier been mistaken for an ordinary cryptominer. Extensive research revealed that the cryptominer is only one part of a sophisticated multiplatform structure with many plugins.

The many modules of the discovered malware allow attackers to use it as part of APT attacks, as well as a cryptominer or even ransomware. Accordingly, the list of the attackers' possible motives expands significantly, from financial gain to espionage. Notably, the value of the Monero cryptocurrency mined by the malicious module reached its peak of 542.33 dollars on 9 January 2018. For comparison, in 2017 its price was about 10 dollars; it is currently worth 150 dollars. Kaspersky experts emphasize that the mining module is the main factor that allowed the malware to avoid full detection for such a long time.

The attackers have many ways to spy covertly on their victims. The malware collects account data every two hours. The collected data includes logins and passwords for websites or Wi-Fi connections, as well as personal details such as the person's name, address, phone number, workplace and job title. In addition, the malware can covertly take screenshots on the victim's device, take full control of the device and even record audio from the microphone.

The initial source of infection remained unknown for a long time. Subsequent research by Kaspersky determined that the attackers used their own "EternalBlue" SMBv1 exploit for this purpose. The EternalBlue vulnerability was discovered back in 2017, after which Microsoft released a fix (MS17-010). However, the threat is still relevant, because not all users update their systems.

During the technical analysis of the campaign, Kaspersky experts found similarities with the "Equation" malware. These include technical indicators such as signatures, programming style and techniques similar to those used in the "StraitBizzare" (SBZ) malware. Based on download counter data, StripedFly has been determined to have targeted more than one million users worldwide.

"The effort spent on building this framework is truly surprising. The main challenge for cybersecurity experts is that attackers constantly adapt to changing conditions. That is why it is important for us researchers to join forces to identify sophisticated cyberthreats, and for customers not to forget about comprehensive protection against cyberattacks," notes Sergey Lozhkin, cybersecurity expert at Kaspersky.

To protect against targeted attacks by cybercriminals, Kaspersky experts recommend:

- regularly update the operating system, applications and antivirus software so that gaps are closed in a timely manner;
- be wary of emails, messages or calls that ask you to provide confidential information; verify the sender's identity before handing over your data or clicking on suspicious links;
- give Security Operations Center (SOC) specialists access to a threat intelligence (TI) database. For example, Kaspersky Threat Intelligence (https://www.kaspersky.ru/enterprise-security/threat-intelligence) contains attack data collected by the company over more than 20 years;
- raise the team's knowledge of cybersecurity, especially of the latest targeted threats. Online training prepared by Kaspersky experts can help here;
- use EDR solutions such as Kaspersky Endpoint Detection and Response (https://www.kaspersky.ru/enterprise-security/endpoint-detection-response-edr), which ensure timely detection of and response to incidents at the endpoint level.

You can learn more about StripedFly from Kaspersky's report: https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/.