{"id":27469,"date":"2024-08-27T07:00:00","date_gmt":"2024-08-27T04:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=27469"},"modified":"2024-08-27T15:16:23","modified_gmt":"2024-08-27T12:16:23","slug":"kaspersky-dunya-uzr%c9%99-kriptovalyuta-v%c9%99-s%c9%99xsi-m%c9%99lumatlari-ogurlayan-kampaniya-askar-edib","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=27469","title":{"rendered":"Kaspersky d\u00fcnya \u00fczr\u0259 kriptovalyuta v\u0259 \u015f\u0259xsi m\u0259lumatlar\u0131 o\u011furlayan kampaniya a\u015fkar edib"},"content":{"rendered":"\n

Kaspersky d\u00fcnya \u00fczr\u0259 kriptovalyuta v\u0259 \u015f\u0259xsi m\u0259lumatlar\u0131 o\u011furlayan kampaniya a\u015fkar edib<\/strong><\/p>\n\n\n\n

Kaspersky-nin kiberinsidentl\u0259r\u0259 reaksiya \u00fczr\u0259 qlobal komandas\u0131n\u0131n (Kaspersky Global Emergency Response Team, GERT) ekspertl\u0259ri d\u00fcnya \u00fczr\u0259 \u201cWindows\u201d v\u0259 \u201cMacOS\u201d \u0259m\u0259liyyat sisteml\u0259rinin istifad\u0259\u00e7il\u0259rinin kriptovalyuta v\u0259 \u015f\u0259xsi m\u0259lumatlar\u0131n\u0131n o\u011furlanmas\u0131na y\u00f6n\u0259lmi\u015f saxta kampaniya a\u015fkar edibl\u0259r. Ona \u201cTusk\u201d ad\u0131 verilib. Ehtimallara g\u00f6r\u0259, h\u00fccumlar\u0131n arxas\u0131nda rusdilli t\u0259cav\u00fczkarlar komandas\u0131 dayan\u0131r. M\u0259lumat\u0131 o\u011furlamaq \u00fc\u00e7\u00fcn fi\u015finq resurslar\u0131, infostilerl\u0259r v\u0259 klipperl\u0259rd\u0259n (clipper) istifad\u0259 olunur.<\/p>\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

H\u00fccum sxemi<\/strong>. T\u0259cav\u00fczkarlar \u00f6nc\u0259 qurbanlar\u0131 m\u00fcxt\u0259lif qanuni xidm\u0259tl\u0259rin dizayn\u0131n\u0131 v\u0259 interfeysini t\u0259qlid ed\u0259n fi\u015finq saytlar\u0131na c\u0259lb edirl\u0259r. Bunun \u00fc\u00e7\u00fcn web3, kriptovalyuta, s\u00fcni intellekt, onlayn oyunlar kimi m\u0259\u015fhur m\u00f6vzulardan istifad\u0259 edirl\u0259r. B\u0259zi a\u015fkar edilmi\u015f s\u0259hif\u0259l\u0259r kripto platformas\u0131n\u0131, onlayn personaj oyununu v\u0259 Al-t\u0259rc\u00fcm\u0259\u00e7ini t\u0259qlid edir. Fi\u015finq resurslar\u0131n\u0131 diqq\u0259tl\u0259 \u00f6yr\u0259ns\u0259niz, m\u0259s\u0259l\u0259n, ad v\u0259 ya URL-d\u0259 orijinaldan ki\u00e7ik f\u0259rql\u0259r g\u00f6r\u0259 bil\u0259rsiniz. Bununla bel\u0259, \u00fcmumilikd\u0259 onlar \u00e7ox inand\u0131r\u0131c\u0131 g\u00f6r\u00fcn\u00fcrl\u0259r, bu da u\u011furlu h\u00fccum ehtimal\u0131n\u0131 art\u0131r\u0131r.<\/p>\n\n\n\n

Fi\u015finq resurslar\u0131 m\u0259xfi m\u0259lumatlar\u0131, m\u0259s\u0259l\u0259n, kripto pul kis\u0259l\u0259ri \u00fc\u00e7\u00fcn \u015f\u0259xsi a\u00e7arlar\u0131 \u0259l\u0259 ke\u00e7irm\u0259y\u0259 v\u0259 z\u0259r\u0259rli proqramlar\u0131 qurban\u0131n cihaz\u0131na endirm\u0259y\u0259 imkan verir. Sonras\u0131nda is\u0259 t\u0259cav\u00fczkarlar saxta internet sayt\u0131 vasit\u0259sil\u0259 kripto pul kis\u0259sin\u0259 giri\u015f \u0259ld\u0259 ed\u0259 v\u0259 oradan v\u0259sait \u00e7\u0131xara v\u0259 ya z\u0259r\u0259rli proqram vasit\u0259sil\u0259 hesab m\u0259lumatlar\u0131n\u0131, pul kis\u0259sinin detallar\u0131n\u0131 v\u0259 dig\u0259r m\u0259lumatlar\u0131 o\u011furlaya bil\u0259rl\u0259r.<\/p>\n\n\n\n

H\u00fccumlar \u00fc\u00e7\u00fcn hans\u0131 z\u0259r\u0259rvericil\u0259rd\u0259n istifad\u0259 olunur<\/strong>. Kampaniyan\u0131n bir hiss\u0259si kimi t\u0259cav\u00fczkarlar \u201cDanabot\u201d v\u0259 \u201cStealc\u201d kimi infostilerl\u0259ri, h\u0259m\u00e7inin klipperl\u0259ri yay\u0131rlar. \u0130nfostilerl\u0259r m\u0259xfi m\u0259lumatlar\u0131 (login v\u0259 parollar daxil olmaqla) o\u011furlamaq \u00fc\u00e7\u00fcn n\u0259z\u0259rd\u0259 tutulub, klipper is\u0259 m\u00fcbadil\u0259 buferind\u0259n (clipboard) m\u0259lumatlar\u0131 \u0259l\u0259 ke\u00e7irir. M\u0259s\u0259l\u0259n, \u0259g\u0259r istifad\u0259\u00e7i elektron pul kis\u0259sinin \u00fcnvan\u0131n\u0131 m\u00fcbadil\u0259 buferin\u0259 k\u00f6\u00e7\u00fcr\u00fcrs\u0259, klipper onu saxta \u00fcnvanla \u0259v\u0259z ed\u0259 bil\u0259r.<\/p>\n\n\n\n

Z\u0259r\u0259rli proqram\u0131 y\u00fckl\u0259m\u0259k \u00fc\u00e7\u00fcn fayllar \u201cDropbox\u201d fayl hostinqin\u0259 yerl\u0259\u015fdirilir. Onlar\u0131 y\u00fckl\u0259dikd\u0259n sonra qurban rahat interfeys\u0259 malik olan c\u0259lbedici resursa y\u00f6n\u0259lir ki, burada ondan avtorizasiyadan ke\u00e7m\u0259k v\u0259 ya sad\u0259c\u0259 s\u0259hif\u0259ni ba\u011flamamas\u0131 xahi\u015f olunur. Bu zaman dig\u0259r z\u0259r\u0259rli fayllar endirilir.<\/p>\n\n\n\n

H\u00fccumlar\u0131n arxas\u0131nda kim dayana bil\u0259r.<\/strong> Z\u0259r\u0259rli kodda rus dilind\u0259 s\u0259tirl\u0259r var. Bundan \u0259lav\u0259, z\u0259r\u0259rli proqram\u0131 y\u00fckl\u0259m\u0259k \u00fc\u00e7\u00fcn fayllarda rusdilli t\u0259cav\u00fczkarlar\u0131n qurban\u0131 ay\u0131rd etm\u0259k \u00fc\u00e7\u00fcn istifad\u0259 etdiyi \u201cMamont\u201d s\u00f6z\u00fc var. T\u0259cav\u00fczkarlar\u0131n a\u00e7\u0131q-a\u015fkar maliyy\u0259 m\u0259qs\u0259dl\u0259ri g\u00fcdd\u00fcy\u00fc g\u00f6r\u00fcn\u00fcr. Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri bunu kampaniyan\u0131n ad\u0131nda y\u0259ni \u201cTusk\u201d (\u201c\u0130ri di\u015f\u201d) s\u00f6z\u00fcnd\u0259 d\u0259y\u0259rli di\u015fl\u0259rin\u0259 g\u00f6r\u0259 ovlanan mamontlara b\u0259nz\u0259tm\u0259kl\u0259 \u0259ks etdiribl\u0259r.<\/p>\n\n\n\n

\u201cT\u0259hlilimiz g\u00f6st\u0259rdi ki, bu, diqq\u0259tl\u0259 d\u00fc\u015f\u00fcn\u00fclm\u00fc\u015f kampaniyad\u0131r. Bunu dig\u0259r \u015feyl\u0259rl\u0259 yana\u015f\u0131, h\u00fccumlar\u0131n bir ne\u00e7\u0259 m\u0259rh\u0259l\u0259d\u0259n ibar\u0259t olmas\u0131 v\u0259 bir-biri il\u0259 \u0259laq\u0259li olmas\u0131nda da g\u00f6rm\u0259k olar. Kampaniyan\u0131n arxas\u0131nda maliyy\u0259 m\u0259qs\u0259dl\u0259ri g\u00fcd\u0259n qrup v\u0259 ya f\u0259rdi t\u0259cav\u00fczkar dayana bil\u0259r. Kaspersky Threat Intelligence Portal<\/a> say\u0259sind\u0259 biz kriptovalyuta, s\u00fcni intellekt v\u0259 onlayn oyunlar, el\u0259c\u0259 d\u0259 dig\u0259r 16 m\u0259\u015fhur m\u00f6vzuda alt kampaniyalar\u0131 a\u015fkarlaya bildik. Bu onu dem\u0259y\u0259 \u0259sas verir ki, t\u0259cav\u00fczkarlar cari g\u00fcnd\u0259m\u0259 tez uy\u011funla\u015fa v\u0259 ondan istifad\u0259\u00e7il\u0259r\u0259 qar\u015f\u0131 h\u00fccumlarda istifad\u0259 ed\u0259 bil\u0259rl\u0259r\u201d, – dey\u0259 Kaspersky-nin insidentl\u0259rin a\u015fkarlanmas\u0131 v\u0259 cavabland\u0131r\u0131lmas\u0131 \u00fczr\u0259 m\u0259rk\u0259zinin r\u0259hb\u0259ri Kirill Semyonov bildirir.<\/p>\n\n\n\n

\u201cTusk\u201d kampaniyas\u0131 il\u0259 ba\u011fl\u0131 riskl\u0259ri minimuma endirm\u0259k \u00fc\u00e7\u00fcn Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri t\u00f6vsiy\u0259 edirl\u0259r:<\/p>\n\n\n\n