{"id":36859,"date":"2025-05-27T05:00:00","date_gmt":"2025-05-27T02:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=36859"},"modified":"2025-05-27T13:19:41","modified_gmt":"2025-05-27T10:19:41","slug":"dero-kriptomayneri-api-docker-vasit%c9%99sil%c9%99-konteynerl%c9%99ri-kutl%c9%99vi-s%c9%99kild%c9%99-yoluxdurur","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=36859","title":{"rendered":"The \u201cDero\u201d cryptominer mass-infects containers via the Docker API"},"content":{"rendered":"\n<p class=\"has-medium-font-size\"><strong>The \u201cDero\u201d cryptominer mass-infects containers via the Docker API<\/strong><\/p>\n\n\n\n<p>Potential targets include technology companies, software developers, hosting providers and cloud service providers.<br>Experts from Kaspersky Security Services have uncovered a sophisticated campaign that mass-infects systems running container technology (a technology that isolates an application from the host operating system in order to run it) with the Dero cryptominer. To gain access to these systems, the hackers use exposed Docker APIs \u2013 the programming interfaces of the open-source Docker platform intended for container development. 
Alongside the miner, the attackers also deploy a network worm that allows the chain of infections to continue.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"650\" height=\"433\" src=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/K.png\" alt=\"\" class=\"wp-image-9274\" style=\"width:338px;height:auto\" srcset=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/K.png 650w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/K-300x200.png 300w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/K-360x240.png 360w\" sizes=\"(max-width: 650px) 100vw, 650px\" \/><\/figure><\/div>\n\n\n<p>Potential victims. The cyberthreat targets organizations that use container infrastructure and do not apply strict security controls to their interfaces. Potential targets include technology companies, software developers, hosting providers and cloud service providers.<\/p>\n\n\n\n<p>How the cyberthreat is carried out. First, the hackers search for insecurely published Docker APIs. According to data from the Shodan search engine<em>, in 2025 an average of 485 Docker APIs per month worldwide were exposed on the default ports<\/em>*, and such cases were also observed in Russia and the CIS countries. 
The attack then develops as follows: existing containers are compromised, and new ones are then created from the standard, legitimate Ubuntu image. These containers are infected with two malicious components, \u201cnginx\u201d and \u201ccloud\u201d. \u201cCloud\u201d is in fact the main Dero cryptominer; \u201cnginx\u201d keeps it running and additionally searches the network for other unprotected container platforms. By using the name &#8220;nginx&#8221; the attackers try to pass this component off as the well-known legitimate web server and thereby aim to evade detection. Within this campaign the malware is distributed without a traditional command-and-control infrastructure: infected containers scan the network independently of one another and can continue spreading the miner.<\/p>\n\n\n\n<p>\u201cThis method can cause a sharp increase in the number of infections. Every infected container is a potential source of cyberthreat if preventive security measures are not taken on the networks that could become targets,\u201d \u2013 notes Victor Sergeev, head of Kaspersky's incident response team. 
\u201cContainers are essential for developing, deploying and scaling software. They are widely used in cloud-based environments, DevOps and microservice architectures, which makes them an attractive target for cyberthreats. As organizations become more dependent on containers, a comprehensive approach to security becomes ever more relevant: reliable protection solutions must be deployed, threats must be hunted proactively, signs of compromise in information systems must be identified regularly,<br>and external specialists should also be involved in this work.\u201d<\/p>\n\n\n\n<p>The attackers embedded the file names (\u201cnginx\u201d and \u201ccloud\u201d) directly inside the executable file. 
This is a classic masquerading technique: it allows malicious tools to be presented as legitimate programs, which makes it harder for information security specialists and automated defense systems to detect them.<\/p>\n\n\n\n<p>A detailed technical analysis of the campaign has been published on the Securelist website.<\/p>\n\n\n\n<p>Kaspersky solutions detect these malicious implants under the names \u201cTrojan.Linux.Agent.gen\u201d and \u201cRiskTool.Linux.Miner.gen\u201d.<br>To reduce the risk of attacks on container platforms, Kaspersky recommends:<\/p>\n\n\n\n<ul>\n<li>Companies that use the Docker API should promptly check the security of all potentially vulnerable infrastructure; refrain from exposing Docker APIs publicly unless necessary; and, if the APIs must be exposed, protect them with the TLS (Transport Layer Security) protocol;<\/li>\n\n\n\n<li>Use services such as Kaspersky Compromise Assessment to detect active and previously unknown attacks;<\/li>\n\n\n\n<li>Use specialized security solutions to protect container environments, for example Kaspersky Container Security. 
This solution provides security at every stage of container-based application development; it ensures that only trusted containers are launched, monitors the activity of the applications and services running inside containers, and also tracks network traffic and provides protection in real time.<\/li>\n\n\n\n<li>Adopt managed security services offered by Kaspersky, such as Compromise Assessment, Managed Detection and Response (MDR) and Incident Response. These services cover every stage of incident management, from threat detection to post-incident recovery. 
They help companies protect themselves against cyberthreats, investigate incidents and gain access to additional expert knowledge.<\/li>\n<\/ul>\n\n\n\n<p>*Data for January\u2013April 2025<br>** The analysis includes standard Docker APIs insecurely published on port 2375<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The \u201cDero\u201d cryptominer mass-infects containers via the Docker API Potential targets include technology companies, software developers, hosting providers and cloud service providers.Experts from Kaspersky Security Services have uncovered a sophisticated campaign that mass-infects systems running container technology (a technology that isolates an application 
from the host operating system&#8230;<\/p>\n","protected":false},"author":2,"featured_media":9274,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/36859"}],"collection":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=36859"}],"version-history":[{"count":1,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/36859\/revisions"}],"predecessor-version":[{"id":36860,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/36859\/revisions\/36860"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/media\/9274"}],"wp:attachment":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=36859"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=36859"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=36859"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}