Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri \u00e7\u0259tin a\u015fkarlanan *SessionManager sistem bo\u015flu\u011funu (backdoor) a\u015fkara \u00e7\u0131xar\u0131b. Onun vasit\u0259sil\u0259 korporativ \u0130T infrastrukturuna daxil olmaq v\u0259 geni\u015f spektrli z\u0259r\u0259rli f\u0259aliyy\u0259tl\u0259r h\u0259yata ke\u00e7irm\u0259k m\u00fcmk\u00fcnd\u00fcr: korporativ m\u0259ktublar\u0131 oxumaq, z\u0259r\u0259rli proqramlar\u0131 yaymaq v\u0259 yoluxmu\u015f serverl\u0259ri uzaqdan idar\u0259 etm\u0259k.<\/p>\n\n\n\n
T\u0259cav\u00fczkarlar z\u0259r\u0259rli proqram\u0131 sistem\u0259 uzaqdan, \u00f6z\u00fcnd\u0259 Exchange po\u00e7t serverini ehtiva ed\u0259n veb-xidm\u0259tl\u0259r d\u0259sti olan Microsoft IIS \u00fc\u00e7\u00fcn modul \u015f\u0259klind\u0259 yeridirl\u0259r. \u015eirk\u0259tin ist\u0259nil\u0259n \u0259m\u0259kda\u015f\u0131 Microsoft korporativ po\u00e7tundan istifad\u0259 ed\u0259rk\u0259n bu serverin f\u0259aliyy\u0259ti il\u0259 \u00fczl\u0259\u015fir. T\u0259cav\u00fczkarlar SessionManager v\u0259 dig\u0259r z\u0259r\u0259rli IIS modullar\u0131n\u0131 yaymaq \u00fc\u00e7\u00fcn ProxyLogon sistem bo\u015flu\u011fundan istifad\u0259 edirl\u0259r.<\/p>\n\n\n\n
Kaspersky-nin m\u0259lumat\u0131na g\u00f6r\u0259, SessionManager-d\u0259n istifad\u0259 il\u0259 h\u0259yata ke\u00e7iril\u0259n ilk h\u00fccumlar 2021-ci ilin mart ay\u0131n\u0131n sonunda qeyd\u0259 al\u0131n\u0131b. Qurbanlar \u0259sas\u0259n Afrika, C\u0259nubi Asiya, Avropa v\u0259 Yax\u0131n \u015e\u0259rqd\u0259ki d\u00f6vl\u0259t qurumlar\u0131 v\u0259 qeyri-kommersiya t\u0259\u015fkilatlar\u0131 olub. Bu \u201cbackdoor\u201d indiy\u0259d\u0259k 24 \u015firk\u0259td\u0259 34 serverd\u0259 a\u015fkarlan\u0131b. SessionManager \u0259ks\u0259r hallarda diqq\u0259td\u0259n k\u0259narda qal\u0131r, \u00e7\u00fcnki o, \u0259n populyar onlayn skanerl\u0259r t\u0259r\u0259find\u0259n \u00e7\u0259tinlikl\u0259 a\u015fkar edilir.<\/p>\n\n\n\n
Kaspersky m\u0259hsullar\u0131 SessionManager-i u\u011furla a\u015fkar edir v\u0259 bu bo\u015fluq vasit\u0259sil\u0259 edil\u0259 bil\u0259c\u0259k g\u0259l\u0259c\u0259k kiberh\u00fccumlar\u0131 d\u0259f etm\u0259y\u0259 k\u00f6m\u0259k edir.<\/p>\n\n\n\n
\u201c2021-ci ilin \u0259vv\u0259lind\u0259 ictimaiyy\u0259t\u0259 m\u0259lum Microsoft Exchange serverind\u0259ki ProxyLogon sistem bo\u015flu\u011fu t\u0259cav\u00fczkarlara aktiv istifad\u0259 etdikl\u0259ri h\u00fccumlar \u00fc\u00e7\u00fcn, o c\u00fcml\u0259d\u0259n, IIS veb server modullar\u0131 \u015f\u0259klind\u0259 \u201cbackdoor\u201d-lar\u0131 y\u00fckl\u0259m\u0259k \u00fc\u00e7\u00fcn yeni imkanlar a\u00e7\u0131b. Bu tip z\u0259r\u0259rli proqramlardan biri olan SessionManager-in k\u00f6m\u0259yi il\u0259 t\u0259cav\u00fczkarlar korporativ \u0130T infrastrukturuna yenil\u0259m\u0259y\u0259 qar\u015f\u0131 davaml\u0131, uzunm\u00fcdd\u0259tli v\u0259 u\u011furla gizli giri\u015f \u0259ld\u0259 edirl\u0259r\u201d, – dey\u0259 Kaspersky-nin apar\u0131c\u0131 kibert\u0259hl\u00fck\u0259sizlik eksperti Denis Legezo bildirir.<\/p>\n\n\n\n
Bu c\u00fcr z\u0259r\u0259rli proqramlar haqq\u0131nda daha \u00e7ox \u00f6yr\u0259nm\u0259k \u00fc\u00e7\u00fcn Securelist<\/a>-i oxuyun. \u015eirk\u0259tl\u0259ri bu c\u00fcr h\u00fccumlardan qorumaq \u00fc\u00e7\u00fcn is\u0259 Kaspersky t\u00f6vsiy\u0259 edir:<\/p>\n\n\n\n * Yoluxmu\u015f komp\u00fcterin t\u0259cav\u00fczkar t\u0259r\u0259find\u0259n uzaqdan gizlin \u015f\u0259kild\u0259 idar\u0259 edilm\u0259si \u00fc\u00e7\u00fcn n\u0259z\u0259rd\u0259 tutulmu\u015f z\u0259r\u0259rli proqram.<\/em><\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri \u00e7\u0259tin a\u015fkarlanan *SessionManager sistem bo\u015flu\u011funu (backdoor) a\u015fkara \u00e7\u0131xar\u0131b. Onun vasit\u0259sil\u0259 korporativ \u0130T infrastrukturuna daxil olmaq v\u0259 geni\u015f spektrli z\u0259r\u0259rli f\u0259aliyy\u0259tl\u0259r h\u0259yata ke\u00e7irm\u0259k m\u00fcmk\u00fcnd\u00fcr: korporativ m\u0259ktublar\u0131 oxumaq, z\u0259r\u0259rli proqramlar\u0131 yaymaq v\u0259 yoluxmu\u015f serverl\u0259ri uzaqdan…<\/p>\n","protected":false},"author":2,"featured_media":2160,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/2159"}],"collection":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2159"}],"version-history":[{"count":1,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/2159\/revisions"}],"predecessor-version":[{"id":2161,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/2159\/revisions\/2161"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/media\/2160"}],"wp:attachment":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}