{"id":2251,"date":"2022-07-13T18:16:25","date_gmt":"2022-07-13T15:16:25","guid":{"rendered":"https:\/\/rockvell.com\/?p=2251"},"modified":"2022-07-13T18:16:25","modified_gmt":"2022-07-13T15:16:25","slug":"s%c9%99rqd%c9%99n-g%c9%99l%c9%99n-t%c9%99hluk%c9%99-yeni-kiberqrup-s%c9%99naye-v%c9%99-agilli-binalarin-idar%c9%99etm%c9%99-sisteml%c9%99rin%c9%99-hucum-edir","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=2251","title":{"rendered":"Threat from the East: a new cyber group is attacking industrial and smart-building control systems"},"content":{"rendered":"\n<p>Kaspersky ICS CERT experts have uncovered attacks by an unknown Chinese-speaking cyber group targeting telecommunications, manufacturing and transport organizations in Pakistan, Afghanistan and Malaysia. The attacks were first recorded in mid-October 2021. The ShadowPad backdoor was detected on several ICS systems in Pakistan, in particular on the workstations of building management system engineers. In some cases a vulnerability in Microsoft Exchange was used to gain initial access to the system. During the investigation of this series of attacks, the experts' attention was drawn to the compromise of the workstations of building automation system engineers, and this is not merely something rarely observed in targeted attacks. 
A building management system is an attractive target for some attackers because it can cover control of various vital functions such as power, heating, lighting, air conditioning and ventilation, and is often integrated with the systems that implement the building's physical security functions, such as video surveillance and access control. At the same time, it should be borne in mind that, by taking control of such a system, an attacker can also penetrate other information systems located at the facility that are connected to both the IT and OT segments. In practice, these systems are often not adequately isolated from one another. Although the main tool, the ShadowPad backdoor, is frequently used by various advanced Chinese-speaking cyber groups, in the attacks under investigation the attackers used highly unique tactics and techniques that do not allow the attacks to be reliably attributed to any known group. In some cases a known vulnerability in Microsoft Exchange was used as the initial vector. 
The attackers first entered commands manually to gather information and move through the network, and then automated the sequence of actions they had worked out in manual mode. \u201cBuilding management systems rarely become targets of APT attacks. However, they can be a valuable source of highly sensitive data, and through them attackers can penetrate more tightly protected areas of the attacked facility's infrastructure. Because such attacks can develop quickly and in different directions, they must be detected at the earliest stages. Our advice is to continuously monitor building management systems in critical sectors,\u201d &#8211; said Kirill Kruglov, an expert on the Kaspersky ICS CERT team. More details about these attacks can be found here. 
To protect ICS computers, Kaspersky recommends: \u2022 regularly updating the operating systems and applications that are part of the infrastructure, and installing patches as soon as they are released; \u2022 regularly auditing the security of OT systems so that security problems are identified and eliminated in time; \u2022 using solutions for monitoring the network traffic of ICS computers and for analyzing and detecting cyberthreats, for the most effective protection against attacks that potentially threaten the technological process and the organization's key assets; \u2022 conducting training for information security specialists and OT engineers to improve the quality of the response to various malicious techniques, including new and advanced ones; \u2022 providing the specialists responsible for protecting automated control systems with up-to-date tools for cyberthreat analysis. 
The ICS Threat Intelligence Reporting service collects information on current cyberthreats and attack vectors, as well as on the most vulnerable elements in OT and how to increase their resilience; \u2022 using security solutions for OT endpoints and networks, such as Kaspersky Industrial CyberSecurity, to ensure the security of all critical industrial systems. \u2022 protecting the IT infrastructure from cyberthreats. Integrated endpoint security products provide cyberthreat detection and response capabilities. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky ICS CERT experts have uncovered attacks by an unknown Chinese-speaking cyber group targeting telecommunications, manufacturing and transport organizations in Pakistan, Afghanistan and Malaysia. The attacks were first recorded in mid-October 2021. 
The ShadowPad backdoor, in Pakistan&#8230;<\/p>\n","protected":false},"author":2,"featured_media":2160,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/2251"}],"collection":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2251"}],"version-history":[{"count":1,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/2251\/revisions"}],"predecessor-version":[{"id":2252,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/2251\/revisions\/2252"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/media\/2160"}],"wp:attachment":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}