{"id":24084,"date":"2024-05-21T02:00:00","date_gmt":"2024-05-20T23:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=24084"},"modified":"2024-05-21T09:26:40","modified_gmt":"2024-05-21T06:26:40","slug":"2024-cu-ilin-%c9%99vv%c9%99lind%c9%99-dunya-uzr%c9%99-apt-hucumlarinda-bosluqlardan-daha-cox-istifad%c9%99-edilib","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=24084","title":{"rendered":"2024-c\u00fc ilin \u0259vv\u0259lind\u0259 d\u00fcnya \u00fczr\u0259 APT h\u00fccumlar\u0131nda bo\u015fluqlardan daha \u00e7ox istifad\u0259 edilib"},"content":{"rendered":"\n

2024-c\u00fc ilin \u0259vv\u0259lind\u0259 d\u00fcnya \u00fczr\u0259 APT h\u00fccumlar\u0131nda uzaqdan idar\u0259 al\u0259tl\u0259ri v\u0259 \u201cWinRAR\u201ddak\u0131 bo\u015fluqlardan daha \u00e7ox istifad\u0259 edilib<\/strong><\/p>\n\n\n\n

2024-c\u00fc ilin \u0259vv\u0259lind\u0259 uzaqdan giri\u015f xidm\u0259tl\u0259ri v\u0259 \u201cWindows SmartScreen\u201d kimi giri\u015fi t\u0259nziml\u0259m\u0259 al\u0259tl\u0259ri APT h\u00fccumlar\u0131 t\u0259r\u0259find\u0259n \u0259n \u00e7ox h\u0259d\u0259f al\u0131nanlar aras\u0131nda olub. T\u0259cav\u00fczkarlar h\u0259m\u00e7inin 2023-c\u00fc ild\u0259 \u201cMS Office\u201d\u0259 qar\u015f\u0131 h\u00fccumlarla yana\u015f\u0131 \u0259n \u00e7ox istifad\u0259 edil\u0259n \u201cWinRAR\u201ddak\u0131 bo\u015fluqlardan f\u0259al \u015f\u0259kild\u0259 istifad\u0259 etm\u0259y\u0259 davam etdil\u0259r. Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri 2023-2024-c\u00fc ilin \u0259vv\u0259ll\u0259ri \u00fc\u00e7\u00fcn APT h\u00fccumlar\u0131 il\u0259 ba\u011fl\u0131 m\u00f6vcud m\u0259lumatlar\u0131* t\u0259hlil etdikd\u0259n sonra bu n\u0259tic\u0259y\u0259 g\u0259libl\u0259r.<\/p>\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

APT h\u00fccumu (Advanced Persistent Threat) y\u00fcks\u0259k m\u00fcr\u0259kk\u0259bliy\u0259 malik davaml\u0131 \u0259sasda ba\u015f ver\u0259n h\u0259d\u0259fli h\u00fccumdur. T\u0259cav\u00fczkarlar m\u0259xfi v\u0259 ya h\u0259r hans\u0131 dig\u0259r d\u0259y\u0259rli m\u0259lumatlar\u0131 toplamaq v\u0259 ondan \u00f6z m\u0259qs\u0259dl\u0259rin\u0259 uy\u011fun istifad\u0259 etm\u0259k \u00fc\u00e7\u00fcn daxili \u015f\u0259b\u0259k\u0259y\u0259 daxil olurlar. Onlar m\u00fcmk\u00fcn q\u0259d\u0259r uzun m\u00fcdd\u0259t \u00f6zl\u0259rini gizl\u0259tm\u0259y\u0259 \u00e7al\u0131\u015f\u0131rlar v\u0259 bunun \u00fc\u00e7\u00fcn m\u00fcr\u0259kk\u0259b vasit\u0259l\u0259rd\u0259n istifad\u0259 ed\u0259 bil\u0259rl\u0259r. <\/p>\n\n\n\n

2024-c\u00fc ilin birinci r\u00fcb\u00fcnd\u0259 t\u0259cav\u00fczkarlar \u0259n \u00e7ox \u201cIvanti\u201d kibert\u0259hl\u00fck\u0259sizlik v\u0259 sistem idar\u0259etm\u0259 proqram t\u0259minat\u0131ndak\u0131 proqram\u0131ndak\u0131 \u0259mr daxil edilm\u0259si (CVE-2024-21887) v\u0259 autentifikasiyadan yay\u0131nma (CVE-2023-46805) bo\u015fluqlar\u0131ndan istifad\u0259 edibl\u0259r.<\/p>\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

2024-c\u00fc ilin yanvar-mart aylar\u0131nda APT h\u00fccumlar\u0131nda istifad\u0259 edil\u0259n \u0259n geni\u015f yay\u0131lm\u0131\u015f bo\u015fluqlar. <\/em>M<\/em>\u00f6<\/em>vcud<\/em> <\/em>m<\/em>\u0259<\/em>nb<\/em>\u0259<\/em>l<\/em>\u0259<\/em>rd<\/em>\u0259<\/em>n<\/em> <\/em>\u0259ld\u0259 edil\u0259n<\/em> <\/em>m<\/em>\u0259<\/em>lumatlar<\/em><\/em><\/p>\n\n\n\n

CVE-2024-21887-nin populyarl\u0131\u011f\u0131 \u00e7ox g\u00fcman ki, onun yeni olmas\u0131 il\u0259 ba\u011fl\u0131d\u0131r. T\u0259cav\u00fczkarlar bo\u015fluqlardan ad\u0259t\u0259n onlar\u0131n qeydiyyata al\u0131nmas\u0131ndan v\u0259 d\u0259rc edilm\u0259sind\u0259n sonra \u015firk\u0259tl\u0259rin yenil\u0259m\u0259l\u0259ri buraxma\u011fa vaxt tapmad\u0131qlar\u0131 ilk h\u0259ft\u0259l\u0259rd\u0259 f\u0259al \u015f\u0259kild\u0259 istifad\u0259 edirl\u0259r. CVE-2023-46805 bo\u015flu\u011fu CVE-2024-21887 il\u0259 birlikd\u0259 istifad\u0259 edil\u0259 bil\u0259r. \u00dc\u00e7\u00fcnc\u00fc yerd\u0259 h\u0259l\u0259 2023-c\u00fc ild\u0259 a\u015fkar edilmi\u015f v\u0259 h\u0259l\u0259 d\u0259 h\u0259d\u0259fli h\u00fccumlarda f\u0259al \u015f\u0259kild\u0259 istifad\u0259si davam ed\u0259n \u201cWinRAR\u201ddak\u0131 bo\u015fluqlar dayan\u0131r. \u0130stifad\u0259\u00e7il\u0259r he\u00e7 d\u0259 h\u0259mi\u015f\u0259 \u015f\u00fcbh\u0259li arxiv fayllar\u0131n\u0131 tan\u0131ya bilmirl\u0259r v\u0259 bu, t\u0259cav\u00fczkarlar t\u0259r\u0259find\u0259n aktiv \u015f\u0259kild\u0259 istifad\u0259 edilir.<\/p>\n\n\n\n

2023-c\u00fc ild\u0259 APT h\u00fccumlar\u0131 \u0259n \u00e7ox \u201cWinRAR\u201d (CVE-2023-38831) v\u0259 \u201cMSOffice\u201d proqramlar\u0131ndak\u0131 (CVE-2017-11882 v\u0259 CVE-2017-0199) bo\u015fluqlardan istifad\u0259 edib.<\/p>\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

2023-c\u00fc ild\u0259 APT h\u00fccumlar\u0131nda istifad\u0259 edil\u0259n bo\u015fluqlar. M\u00f6vcud m\u0259nb\u0259l\u0259rd\u0259n al\u0131nan m\u0259lumatlar<\/em><\/p>\n\n\n\n

\u201c\u018fn\u0259n\u0259vi olaraq, MS Office \u00fc\u00e7\u00fcn istismarlar (exploit) APT h\u00fccumlar\u0131n\u0131n yay\u0131lmas\u0131 bax\u0131m\u0131ndan birinci yerd\u0259 olub ki, bu da korporativ istifad\u0259\u00e7il\u0259r aras\u0131nda Windows \u0259m\u0259liyyat sisteminin v\u0259 onun \u00fc\u00e7\u00fcn proqram t\u0259minatlar\u0131n\u0131n populyarl\u0131\u011f\u0131 il\u0259 ba\u011fl\u0131d\u0131r. Bununla bel\u0259, son m\u0259lumatlar bu tendensiyan\u0131n d\u0259yi\u015fdiyini g\u00f6st\u0259rir: WinRAR-dak\u0131 bo\u015fluqlar daha tez-tez istifad\u0259 olunma\u011fa ba\u015flay\u0131b\u201d, – dey\u0259 Kaspersky-nin kibert\u0259hl\u00fck\u0259sizlik \u00fczr\u0259 eksperti Aleksandr Kolesnikov qeyd edir.<\/p>\n\n\n\n

APT h\u00fccumlar\u0131n\u0131n s\u0259b\u0259b ola bil\u0259c\u0259yi riskl\u0259ri minimuma endirm\u0259k \u00fc\u00e7\u00fcn Kaspersky t\u0259\u015fkilatlara t\u00f6vsiy\u0259 edir:<\/p>\n\n\n\n