Russia-Backed Hacker Group COLDRIVER Distributes New Malware Targeting Western Organizations

Published: 2025-05-07
Source: https://365crypto.org/tr/2025/05/07/rusya-destekli-hacker-grubu-coldriver-batili-kuruluslari-hedefleyen-yeni-malware-dagitti/
Category: Haberler (News). Tags: COLDRIVER, Google, LOSTKEYS, malware, Russia, cyber espionage, cyber security

On 7 May 2025, Google's Threat Intelligence team reported that the Russia-backed cyber-espionage group COLDRIVER has developed a new malware variant called "LOSTKEYS". The malware indicates that the group is moving beyond its traditional phishing tactics toward more advanced cyberattacks.

Key features of the LOSTKEYS malware:

Data exfiltration: LOSTKEYS is designed to steal files with specific extensions and from specific directories on infected systems.

System surveillance: The malware collects detailed system information, monitors running processes, and sends this data to COLDRIVER servers.

Sophisticated delivery process:

1. A lure site presents the user with a fake CAPTCHA.
2. A PowerShell script is placed on the user's clipboard.
3. The script is run and the final payload is retrieved.
4. The malware is installed on the system.

Google identified the IP address "165.227.148[.]68" as associated with this malicious activity and added the related sites to Safe Browsing to protect users.

About COLDRIVER:
COLDRIVER is also known by aliases such as Blue Callisto, BlueCharlie and Star Blizzard, and has been active since at least 2019. The group is linked to Russia's Federal Security Service and gathers intelligence by targeting high-profile Western individuals and organizations, including NATO partners, NGOs and journalists.

In early 2025, COLDRIVER targeted Western government advisers, military personnel and individuals connected to Ukraine. Earlier, in 2022, the group infiltrated three US nuclear research laboratories and leaked the emails of former British intelligence chief Richard Dearlove and pro-Brexit figures.

Conclusions:
The emergence of LOSTKEYS shows that the threat landscape created by state-backed cyber actors is evolving. Government and civil-society organizations in particular are advised to strengthen their cybersecurity measures, remain vigilant against phishing attempts and keep their systems up to date.