{"id":5368,"date":"2022-11-23T10:00:00","date_gmt":"2022-11-23T07:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=5368"},"modified":"2022-11-23T10:09:04","modified_gmt":"2022-11-23T07:09:04","slug":"az%c9%99rbaycanda-microsoft-sql-server-d%c9%99n-istifad%c9%99-edil%c9%99n-hucumlarin-sayinda-artim-musahid%c9%99-olunub","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=5368","title":{"rendered":"Az\u0259rbaycanda Microsoft SQL Server-d\u0259n istifad\u0259 edil\u0259n h\u00fccumlar\u0131n say\u0131nda art\u0131m m\u00fc\u015fahid\u0259 olunub"},"content":{"rendered":"\n

Az\u0259rbaycanda Microsoft SQL Server-d\u0259n istifad\u0259 edil\u0259n h\u00fccumlar\u0131n say\u0131nda art\u0131m m\u00fc\u015fahid\u0259 olunub<\/strong><\/p>\n\n\n\n

Kaspersky-nin m\u0259lumat\u0131na g\u00f6r\u0259, Az\u0259rbaycanda Microsoft SQL Server-d\u0259n istifad\u0259 vasit\u0259sil\u0259 h\u0259yata ke\u00e7iril\u0259n h\u00fccumlar\u0131n say\u0131 artmaqdad\u0131r: m\u0259s\u0259l\u0259n, bu ilin avqustundan sentyabr ay\u0131na kimi onun aktivliyind\u0259 art\u0131m m\u00fc\u015fahid\u0259 olunub. Microsoft SQL Server d\u00fcnya \u00fczr\u0259 korporasiyalar\u0131n v\u0259 ki\u00e7ik \u015firk\u0259tl\u0259rin m\u0259lumat bazalar\u0131n\u0131 idar\u0259 etm\u0259k \u00fc\u00e7\u00fcn istifad\u0259 etdiyi \u0259sas proqram olaraq qal\u0131r. T\u0259cav\u00fczkarlar onun vasit\u0259sil\u0259 korporativ infrastruktura daxil olma\u011fa \u00e7al\u0131\u015f\u0131rlar.<\/p>\n\n\n\n

\u201cBir \u00e7ox \u015firk\u0259tl\u0259r Microsoft SQL Server proqram t\u0259minat\u0131ndan istifad\u0259 edir, lakin onlar\u0131n he\u00e7 d\u0259 ham\u0131s\u0131 onun istifad\u0259si il\u0259 ba\u011fl\u0131 t\u0259hl\u00fck\u0259l\u0259rd\u0259n qorunma\u011fa laz\u0131mi diqq\u0259ti yetirmir. Bu c\u00fcr h\u00fccumlar \u00e7oxdan m\u0259lum olsa da, h\u0259l\u0259 d\u0259 t\u0259cav\u00fczkarlara u\u011fur g\u0259tirir\u201d – dey\u0259 Kaspersky-nin Kibert\u0259hl\u00fck\u0259sizliyin Monitorinq M\u0259rk\u0259zinin r\u0259hb\u0259ri Sergey Soldatov qeyd edir.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

PowerShell skriptl\u0259ri v\u0259 PNG fayllar\u0131<\/strong>. Bu insidentl\u0259rd\u0259n birinin texniki t\u0259f\u0259rr\u00fcatlar\u0131 Kaspersky Managed Detection and Response hesabat\u0131nda \u0259ks olunub. Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri burada server agentinin yerin\u0259 yetirdiyi \u0259mrl\u0259rin ard\u0131c\u0131ll\u0131\u011f\u0131n\u0131 \u0259trafl\u0131 t\u0259svir edirl\u0259r.<\/p>\n\n\n\n

\u201cT\u0259cav\u00fczkarlar PowerShell vasit\u0259sil\u0259 z\u0259r\u0259rli proqram\u0131 i\u015f\u0259 salmaq \u00fc\u00e7\u00fcn server konfiqurasiyas\u0131n\u0131 d\u0259yi\u015fdirm\u0259y\u0259 v\u0259 \u0259mrl\u0259r panelin\u0259 giri\u015f \u0259ld\u0259 etm\u0259y\u0259 \u00e7al\u0131\u015f\u0131blar. \u018fl\u0259 ke\u00e7irilmi\u015f SQL Server bir \u00e7ox xarici IP \u00fcnvanlar\u0131 il\u0259 \u0259laq\u0259 yaradan z\u0259r\u0259rli PowerShell skriptini i\u015f\u0259 salma\u011fa c\u0259hd edib. Skript \u201cMsiMake\u201d atributundan istifad\u0259 ed\u0259r\u0259k, bu IP \u00fcnvanlarda yerl\u0259\u015f\u0259n v\u0259 .png fayllar\u0131 kimi maskalanm\u0131\u015f z\u0259r\u0259rli proqram\u0131 i\u015f\u0259 sal\u0131b ki, bu da b\u00f6y\u00fck \u00f6l\u00e7\u00fcd\u0259 PurpleFox z\u0259r\u0259rli proqram t\u0259minat\u0131n\u0131n davran\u0131\u015f\u0131n\u0131 xat\u0131rlad\u0131r\u201d, – Soldatov izah edir.<\/p>\n\n\n\n

Biznes \u00fc\u00e7\u00fcn Kaspersky Endpoint Security v\u0259 Kaspersky Managed Detection and Response h\u0259ll\u0259ri bu c\u00fcr h\u00fccumlar\u0131 u\u011furla a\u015fkar edir.<\/p>\n\n\n\n

Hesabat\u0131n tam versiyas\u0131n\u0131 Securelist.ru<\/a> sayt\u0131ndan oxuya bil\u0259rsiniz.<\/p>\n\n\n\n

\u015eirk\u0259tinizi bu c\u00fcr t\u0259hl\u00fck\u0259l\u0259rd\u0259n qorumaq \u00fc\u00e7\u00fcn Kaspersky m\u00fct\u0259x\u0259ssisl\u0259ri t\u00f6vsiy\u0259 edir:<\/p>\n\n\n\n