{"id":34197,"date":"2025-03-11T05:00:00","date_gmt":"2025-03-11T02:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=34197"},"modified":"2025-03-11T12:21:00","modified_gmt":"2025-03-11T09:21:00","slug":"diqq%c9%99t-saxtakarliq","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=34197","title":{"rendered":"Diqq\u0259t, saxtakarl\u0131q!!!"},"content":{"rendered":"\n

Diqq\u0259t, saxtakarl\u0131q: \u201cX\u201d sosial \u015f\u0259b\u0259k\u0259sind\u0259 \u201cDeepSeek\u201d-i t\u0259qlid ed\u0259n z\u0259r\u0259rli proqram yay\u0131l\u0131r<\/strong><\/p>\n\n\n\n

Kaspersky ekspertl\u0259ri eyni anda bir ne\u00e7\u0259 aktiv kampaniya a\u015fkar edibl\u0259r ki, onlar \u201cDeepSeek\u201d sayt\u0131n\u0131n dizayn\u0131na b\u0259nz\u0259r, h\u0259m\u00e7inin ayr\u0131l\u0131qda \u201cGrok\u201d neyron \u015f\u0259b\u0259k\u0259sinin t\u0259qlid ed\u0259n s\u0259hif\u0259 qruplar\u0131 \u00fcz\u0259rind\u0259n kompyuterl\u0259r\u0259 z\u0259r\u0259rli proqramlar\u0131n yay\u0131lmas\u0131n\u0131 t\u0259min edir. S\u00f6hb\u0259t \u0259vv\u0259ll\u0259r m\u0259lum olmayan stilerd\u0259n (o\u011furluq proqram\u0131), z\u0259r\u0259rli \u201cPowerShell\u201d skriptl\u0259rind\u0259n v\u0259 arxa qap\u0131 (backdoor) h\u00fccumlar\u0131ndan gedir. Saxta resurslara ke\u00e7idl\u0259r, o c\u00fcml\u0259d\u0259n \u201cX\u201d (ke\u00e7mi\u015f \u201cTwitter\u201d) sosial \u015f\u0259b\u0259k\u0259sin\u0259 yerl\u0259\u015fdirilib. M\u00fcxt\u0259lif \u00f6lk\u0259l\u0259rd\u0259n istifad\u0259\u00e7il\u0259r bu h\u00fccumlar\u0131n qurban\u0131na \u00e7evril\u0259 bil\u0259rl\u0259r.<\/p>\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

Birinci qrup saytlar v\u0259 yeni stiler.<\/strong> \u018fvv\u0259lc\u0259 domen adlar\u0131nda \u201cDeepSeek V3\u201d v\u0259 \u201cR1\u201d modell\u0259rinin versiyalar\u0131 istifad\u0259 olunurdu. Saxta resurslarda “\u00e7at\u0131 ba\u015flat” se\u00e7imi yox idi, yaln\u0131z \u201cWindows\u201d \u00fc\u00e7\u00fcn m\u00fc\u015ft\u0259ri proqram\u0131n\u0131n arxivini y\u00fckl\u0259m\u0259k imkan\u0131 verilirdi. Lakin b\u0259yan edil\u0259n proqram \u0259v\u0259zin\u0259 istifad\u0259\u00e7inin komp\u00fcterin\u0259 \u0259vv\u0259ll\u0259r m\u0259lum olmayan stiler y\u00fckl\u0259nirdi. Bu z\u0259r\u0259rli proqram vasit\u0259sil\u0259 t\u0259cav\u00fczkarlar yoluxmu\u015f cihazdak\u0131 istifad\u0259\u00e7i m\u0259lumatlar\u0131na \u2014 brauzerl\u0259rd\u0259 saxlan\u0131lan kuki fayllar\u0131na v\u0259 sessiyalara, e-po\u00e7t hesablar\u0131n\u0131n login v\u0259 \u015fifr\u0259l\u0259rin\u0259, oyun v\u0259 dig\u0259r xidm\u0259tl\u0259rd\u0259ki hesablar\u0131na, m\u00fc\u0259yy\u0259n proqram \u0259lav\u0259l\u0259rin\u0259 malik fayllara, h\u0259m\u00e7inin kriptovalyuta c\u00fczdanlar\u0131 haqq\u0131nda informasiyalara \u00e7\u0131x\u0131\u015f \u0259ld\u0259 ed\u0259 bilirl\u0259r. Daha sonra onlar \u201cDeepSeek\u201d t\u0259l\u0259sini \u201cGrok\u201d il\u0259 \u0259v\u0259z edibl\u0259r, lakin istifad\u0259 olunan sxem v\u0259 z\u0259r\u0259rli proqram d\u0259yi\u015fm\u0259z qal\u0131b.<\/p>\n\n\n\n

\u0130kinci qrup saytlar v\u0259 z\u0259r\u0259rli skript.<\/strong>
Dig\u0259r saxta resurslar geofensinq \u00fcsulundan istifad\u0259 edirdi: m\u0259s\u0259l\u0259n, \u0259g\u0259r sor\u011fu Rusiya IP \u00fcnvanlar\u0131ndan g\u00f6nd\u0259rilirdis\u0259, istifad\u0259\u00e7iy\u0259 bo\u015f ke\u00e7id s\u0259hif\u0259si g\u00f6st\u0259rilirdi. Lakin \u0259g\u0259r IP Avropaya m\u0259xsus idis\u0259, server \u201cDeepSeek\u201d t\u0259qlid ed\u0259n s\u0259hif\u0259ni a\u00e7\u0131rd\u0131. Bu s\u0259hif\u0259d\u0259 neyron \u015f\u0259b\u0259k\u0259sinin m\u00fc\u015ft\u0259ri proqram\u0131n\u0131 y\u00fckl\u0259m\u0259k v\u0259 ya \u00e7atbotu i\u015f\u0259 salmaq t\u0259klif edilirdi. \u0130stifad\u0259\u00e7i bu \u0259m\u0259liyyatlardan birini yerin\u0259 yetirdikd\u0259 z\u0259r\u0259rli qura\u015fd\u0131r\u0131c\u0131 y\u00fckl\u0259nir v\u0259 n\u0259tic\u0259d\u0259 y\u00fckl\u0259m\u0259 z\u0259nciri vasit\u0259sil\u0259 \u201cPowerShell\u201d skripti icra olunurdu. Bu skript kibercinay\u0259tkarlara qurban\u0131n komp\u00fcterin\u0259 qo\u015fulmaq imkan\u0131 verirdi.<\/p>\n\n\n\n

\u00dc\u00e7\u00fcnc\u00fc qrup saytlar v\u0259 arxa qap\u0131 (backdoor).<\/strong>
Se\u00e7ilmi\u015f resurslara edil\u0259n h\u00fccumlar\u0131n mexanikas\u0131 daha t\u0259cr\u00fcb\u0259li istifad\u0259\u00e7il\u0259r\u0259 y\u00f6n\u0259lirdi. Y\u00fckl\u0259n\u0259n z\u0259r\u0259rli proqram \u201cOllama\u201d ad\u0131 alt\u0131nda gizl\u0259dilmi\u015fdi \u2014 bu, \u201cDeepSeek\u201d kimi b\u00f6y\u00fck dil modell\u0259rini yerli komp\u00fcterl\u0259rd\u0259 i\u015f\u0259 salmaq \u00fc\u00e7\u00fcn n\u0259z\u0259rd\u0259 tutulmu\u015f \u00e7\u0259r\u00e7iv\u0259dir. Lakin real al\u0259tl\u0259rin \u0259v\u0259zin\u0259 istifad\u0259\u00e7il\u0259rin cihazlar\u0131na arxa qap\u0131 alqoritm x\u0259tas\u0131 y\u00fckl\u0259nirdi v\u0259 \u201cDeepSeek\u201d m\u00fc\u015ft\u0259ri t\u0259tbiqi i\u015f\u0259 sal\u0131nd\u0131qda aktivl\u0259\u015fir, n\u0259tic\u0259d\u0259 t\u0259cav\u00fczkarlara qurban\u0131n komp\u00fcterin\u0259 uzaqdan giri\u015f imkan\u0131 verirdi.<\/p>\n\n\n\n

“A\u015fkar edilmi\u015f kampaniyalarda t\u0259kc\u0259 \u2018DeepSeek\u2019 m\u00fc\u015ft\u0259risi ad\u0131 alt\u0131nda maskalanan z\u0259r\u0259rli proqramlar deyil, h\u0259m d\u0259 saxta saytlar\u0131n yay\u0131lma vektoru maraql\u0131d\u0131r. M\u0259s\u0259l\u0259n, z\u0259r\u0259rli resurslardan birin\u0259 ke\u00e7id \u2018X\u2019 sosial \u015f\u0259b\u0259k\u0259sind\u0259 (ke\u00e7mi\u015f Twitter) payla\u015f\u0131l\u0131b. Bu payla\u015f\u0131m guya Avstraliya \u015firk\u0259tin\u0259 m\u0259xsus bir hesab t\u0259r\u0259find\u0259n edilib. Z\u0259r\u0259rli ke\u00e7id\u0259 sahib olan bu payla\u015f\u0131m 1,2 milyon bax\u0131\u015f v\u0259 y\u00fczd\u0259n d\u0259f\u0259d\u0259n \u00e7ox yenid\u0259n payla\u015f\u0131l\u0131b. Lakin g\u00f6r\u00fcn\u00fcr ki, yenid\u0259n payla\u015f\u0131mlar\u0131n \u0259ks\u0259riyy\u0259ti botlar t\u0259r\u0259find\u0259n edilib. T\u0259cav\u00fczkarlar m\u00fcmk\u00fcn q\u0259d\u0259r \u00e7ox qurbana \u00e7atmaq \u00fc\u00e7\u00fcn taypskvotinq (domen adlar\u0131n\u0131n ox\u015far versiyalar\u0131n\u0131 qeydiyyatdan ke\u00e7irm\u0259kl\u0259 istifad\u0259\u00e7il\u0259ri aldadaraq saxta saytlara y\u00f6nl\u0259ndirm\u0259k) v\u0259 ya saxta s\u0259hif\u0259l\u0259r\u0259 reklam ke\u00e7idl\u0259ri almaq t\u0259klifi kimi \u00fcsullardan istifad\u0259 ed\u0259 bil\u0259rl\u0259r. Bundan \u0259lav\u0259, onlar t\u0259r\u0259fda\u015f proqramlar vasit\u0259sil\u0259 reklam tranzaksiyalar\u0131 h\u0259yata ke\u00e7ir\u0259 v\u0259 ya messencerl\u0259rd\u0259 z\u0259r\u0259rli ke\u00e7idl\u0259ri payla\u015fa bil\u0259rl\u0259r”, \u2014 dey\u0259 Kaspersky-nin ma\u015f\u0131n \u00f6yr\u0259nm\u0259 texnologiyalar\u0131n\u0131n t\u0259dqiqat v\u0259 inki\u015faf qrupunun r\u0259hb\u0259ri Vladislav Tu\u015fkanov bildirib.<\/p>\n\n\n\n

“S\u00fcni intellekt texnologiyalar\u0131n\u0131n inki\u015faf\u0131 il\u0259 f\u0131r\u0131ldaq\u00e7\u0131lar istifad\u0259\u00e7il\u0259ri aldatmaq \u00fc\u00e7\u00fcn yeni al\u0259tl\u0259r \u0259ld\u0259 edirl\u0259r. Onlar, x\u00fcsusil\u0259, insanlar\u0131n neyron \u015f\u0259b\u0259k\u0259l\u0259r\u0259 olan b\u00f6y\u00fck mara\u011f\u0131ndan yararlanma\u011fa \u00e7al\u0131\u015f\u0131rlar. Qorunmaq \u00fc\u00e7\u00fcn ay\u0131q-say\u0131q qalmaq, t\u0259nqidi d\u00fc\u015f\u00fcnc\u0259ni inki\u015faf etdirm\u0259k v\u0259 informasiya m\u0259nb\u0259l\u0259rini yoxlamaq vacibdir”, \u2014 dey\u0259 Kaspersky-nin Az\u0259rbaycandak\u0131 r\u0259smi n\u00fcmay\u0259nd\u0259si M\u00fc\u015fviq M\u0259mm\u0259dov qeyd edib.<\/p>\n\n\n\n

Kaspersky-nin h\u0259ll\u0259ri istifad\u0259\u00e7il\u0259ri a\u015fkar edilmi\u015f kampaniyalarda rast g\u0259lin\u0259n z\u0259r\u0259rli proqramlardan qoruyur.<\/p>\n\n\n\n

\u018ftrafl\u0131 m\u0259lumat Securelist.ru sayt\u0131nda m\u00f6vcudd\u00fcr: https:\/\/securelist.ru<\/a>\/<\/a>backdoors-and-stealers-prey-on-deepseek-and-grok\/111989\/<\/a><\/p>\n\n\n\n

Kibert\u0259hl\u00fck\u0259l\u0259rd\u0259n qorunmaq \u00fc\u00e7\u00fcn m\u00fct\u0259x\u0259ssisl\u0259r t\u00f6vsiy\u0259 edirl\u0259r:<\/p>\n\n\n\n