{"id":41760,"date":"2025-10-26T01:00:00","date_gmt":"2025-10-25T22:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=41760"},"modified":"2025-10-26T13:52:15","modified_gmt":"2025-10-26T10:52:15","slug":"passiveneuronun-qayidisi","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=41760","title":{"rendered":"\u201cPassiveNeuron\u201dun qay\u0131d\u0131\u015f\u0131"},"content":{"rendered":"\n

\u201cPassiveNeuron\u201dun qay\u0131d\u0131\u015f\u0131: t\u0259cav\u00fczkarlar m\u00fcxt\u0259lif \u00f6lk\u0259l\u0259rd\u0259 iri t\u0259\u015fkilatlar\u0131n serverl\u0259rin\u0259 h\u00fccum edibl\u0259r<\/strong><\/p>\n\n\n\n

Kaspersky GReAT m\u00fct\u0259x\u0259ssisl\u0259ri 2024-c\u00fc ilin dekabr\u0131ndan 2025-ci ilin avqustuna q\u0259d\u0259r davam etmi\u015f \u201cPassiveNeuron\u201d infeksiyalar\u0131n\u0131n yeni dal\u011fas\u0131n\u0131 t\u0259hlil edibl\u0259r. H\u00fccumlar Asiya, Afrika v\u0259 Lat\u0131n Amerikas\u0131nda h\u00f6kum\u0259t, maliyy\u0259 v\u0259 s\u0259naye t\u0259\u015fkilatlar\u0131na t\u0259sir g\u00f6st\u0259rib. Kampaniyan\u0131n f\u0259rqli x\u00fcsusiyy\u0259ti onun \u201cWindows Server\u201d \u0259m\u0259liyyat sisteml\u0259rini \u0259sas h\u0259d\u0259f kimi g\u00f6t\u00fcrm\u0259sidir.<\/p>\n\n\n\n

H\u00fccumlar\u0131n xronologiyas\u0131<\/strong>. Kaspersky m\u00fcr\u0259kk\u0259b h\u0259d\u0259fli \u201cPassiveNeuron\u201d kampaniyas\u0131n\u0131 ilk d\u0259f\u0259 2024-c\u00fc ilin iyununda a\u015fkara \u00e7\u0131xar\u0131b. Alt\u0131 ayl\u0131q fasil\u0259d\u0259n sonra t\u0259cav\u00fczkarlar 2024-c\u00fc ilin dekabr\u0131nda \u00f6z f\u0259aliyy\u0259tl\u0259rini b\u0259rpa edibl\u0259r. Bu d\u0259f\u0259 onlar h\u0259d\u0259f kimi se\u00e7dikl\u0259ri \u00fc\u00e7 \u0259sas al\u0259tin \u015f\u0259b\u0259k\u0259sin\u0259 giri\u015f \u00fc\u00e7\u00fcn istifad\u0259 edibl\u0259r: \u201cCobalt Strike\u201d \u00e7\u0259r\u00e7iv\u0259si v\u0259 \u0259vv\u0259ll\u0259r m\u0259lum olmayan iki al\u0259t \u2013 \u201cNeursite\u201d v\u0259 \u201cNeuralExxor\u201d.<\/p>\n\n\n\n

Yeni al\u0259tl\u0259r<\/strong>. \u201cNeursite\u201d \u2013 sistem m\u0259lumatlar\u0131n\u0131 toplaya, i\u015fl\u0259k prosesl\u0259r\u0259 n\u0259zar\u0259t ed\u0259 v\u0259 \u015f\u0259b\u0259k\u0259 trafikini \u0259l\u0259 ke\u00e7irilmi\u015f hostlar vasit\u0259sil\u0259 y\u00f6nl\u0259ndir\u0259r\u0259k \u015f\u0259b\u0259k\u0259 boyunca yerl\u0259\u015fdirm\u0259y\u0259 imkan ver\u0259n modul tipli gizli m\u00fcdaxil\u0259 (backdoor) metodudur. Onun h\u0259m xarici komanda-n\u0259zar\u0259t serverl\u0259ri, h\u0259m d\u0259 m\u00fcdaxil\u0259 edilmi\u015f sisteml\u0259rl\u0259 m\u0259lumat m\u00fcbadil\u0259si aparan n\u00fcmun\u0259l\u0259r a\u015fkar edilib. \u201cNeuralExecutor\u201d \u00e7ox sayda kommunikasiya \u00fcsullar\u0131n\u0131 d\u0259st\u0259kl\u0259y\u0259n, komanda-n\u0259zar\u0259t serverind\u0259n \u0259ld\u0259 edilmi\u015f \u201c.NET\u201d birl\u0259\u015fm\u0259l\u0259rini \u0259ld\u0259 ed\u0259r\u0259k icra ed\u0259 bil\u0259n f\u0259rdil\u0259\u015fdirilmi\u015f \u201c.NET\u201d implantat\u0131d\u0131r.<\/p>\n\n\n

\n
\"\"<\/figure><\/div>\n\n\n

Atribusiya<\/strong>. Yeni kampaniyan\u0131 t\u0259hlil etdikd\u0259n sonra Kaspersky GReAT m\u00fct\u0259x\u0259ssisl\u0259ri ilkin yoluxma ard\u0131c\u0131ll\u0131\u011f\u0131n\u0131 m\u00fc\u0259yy\u0259n ed\u0259 v\u0259 atribusiya f\u0259rziyy\u0259l\u0259rini ir\u0259li s\u00fcr\u0259 bilibl\u0259r. M\u00fc\u015fahid\u0259 edil\u0259n n\u00fcmun\u0259l\u0259rd\u0259 funksiya adlar\u0131, g\u00fcman ki, t\u0259cav\u00fczkarlar t\u0259r\u0259find\u0259n q\u0259sd\u0259n t\u0259qdim edilmi\u015f kiril simvollar\u0131ndan ibar\u0259t s\u0259tirl\u0259rl\u0259 \u0259v\u0259z edilib. Bu c\u00fcr artefaktlar kampaniyaya aid edil\u0259rk\u0259n diqq\u0259tli qiym\u0259tl\u0259ndirm\u0259 t\u0259l\u0259b edir. T\u0259cav\u00fczkarlar onlardan t\u0259dqiqat\u00e7\u0131lar\u0131 \u00e7a\u015fd\u0131rmaq \u00fc\u00e7\u00fcn istifad\u0259 ed\u0259 bil\u0259rl\u0259r. \u201cPassiveNeuron\u201d kampaniyas\u0131n\u0131n taktikas\u0131n\u0131n, texnikas\u0131n\u0131n v\u0259 prosedurlar\u0131n\u0131n (TTP) t\u0259hlilin\u0259 \u0259saslanaraq, Kaspersky GReAT haz\u0131rda a\u015fa\u011f\u0131 ehtimala baxmayaraq, f\u0259aliyy\u0259ti \u00e7indilli qrupa aid edir.<\/p>\n\n\n\n

“Yeni \u2018PassiveNeuron\u2019 kampaniyas\u0131nda t\u0259cav\u00fczkarlar diqq\u0259ti tez-tez korporativ \u015f\u0259b\u0259k\u0259l\u0259rin \u0259sas\u0131n\u0131 t\u0259\u015fkil ed\u0259n serverl\u0259r\u0259 m\u00fcdaxil\u0259y\u0259 y\u00f6n\u0259ldirl\u0259r. Bu c\u00fcr h\u0259d\u0259fl\u0259r, x\u00fcsus\u0259n d\u0259 internetd\u0259n \u0259ld\u0259 edil\u0259 bil\u0259n h\u0259d\u0259fl\u0259r, m\u00fcr\u0259kk\u0259b h\u0259d\u0259fli kiberh\u00fccumlar h\u0259yata ke\u00e7ir\u0259n qruplar \u00fc\u00e7\u00fcn maraql\u0131d\u0131r, \u00e7\u00fcnki s\u0131nd\u0131r\u0131lm\u0131\u015f bir host bel\u0259 kritik sisteml\u0259r\u0259 \u00e7\u0131x\u0131\u015f\u0131 t\u0259min ed\u0259 bil\u0259r. H\u00fccumlar\u0131 minimuma endirm\u0259k v\u0259 potensial yoluxmalar a\u015fkar etm\u0259k v\u0259 onlar\u0131n qar\u015f\u0131s\u0131n\u0131 almaq \u00fc\u00e7\u00fcn server t\u0259tbiql\u0259rini m\u00fcnt\u0259z\u0259m yoxlamaq \u00e7ox vacibdir”, – dey\u0259 Kasperky GreAT eksperti Georgi Ku\u00e7erin qeyd edir.<\/p>\n\n\n\n

\u201cPassiveNeuron\u201d kampaniyas\u0131 haqq\u0131nda \u0259trafl\u0131 m\u0259lumat\u0131 Securelist.ru<\/a> sayt\u0131ndan \u0259ld\u0259 etm\u0259k olar.<\/p>\n\n\n\n

H\u0259d\u0259fli kiberh\u00fccumlardan qorunmaq \u00fc\u00e7\u00fcn Kaspersky t\u0259\u015fkilatlara t\u00f6vsiy\u0259 edir:<\/p>\n\n\n\n