{"id":14062,"date":"2026-04-30T08:34:06","date_gmt":"2026-04-30T08:34:06","guid":{"rendered":"https:\/\/busondakika.com.tr\/?p=14062"},"modified":"2026-04-30T08:34:07","modified_gmt":"2026-04-30T08:34:07","slug":"kaspersky-yazilim-tedarik-zincirlerini-hedef-alan-zararli-paketlerde-kuresel-olcekte-%37-artis-tespit-etti","status":"publish","type":"post","link":"https:\/\/busondakika.com.tr\/?p=14062","title":{"rendered":"Kaspersky detects a 37% global increase in malicious packages targeting software supply chains"},"content":{"rendered":"<p><strong>According to Kaspersky telemetry data, the number of malicious packages detected in open source projects reached approximately 19,500 by the end of 2025. This figure represents a 37% increase compared with the end of 2024.<\/strong><\/p>\n<p>Today's software development processes cannot be considered apart from open source components. However, open source software can harbor deliberately hidden threats, and this can leave products that contain malicious packages open to manipulation and give rise to serious risks, including supply chain attacks. 
According to new research that Kaspersky conducted globally, supply chain attacks stand out as the most common type of cyber threat that businesses have faced over the past year.<\/p>\n<p>Kaspersky draws attention to recent high-profile supply chain attacks:<\/p>\n<ul>\n<li>In April 2026, the official website of CPU-Z and HWMonitor, free tools used worldwide by hardware enthusiasts, IT administrators and system builders to monitor hardware performance, was compromised. During this period, legitimate software downloads were silently replaced with installers containing malware. According to Kaspersky GReAT analysis, the attack was active for approximately 19 hours. Kaspersky telemetry showed that more than 150 users in different countries were affected by this attack. The vast majority of those affected were individual users, which is consistent with the consumer-oriented nature of the targeted software. The affected organizations included entities in the retail, manufacturing, consulting, telecommunications and agriculture sectors.<\/li>\n<li>In March 2026, Axios, one of the most widely used JavaScript HTTP clients, was targeted. The attackers compromised a developer account and published malicious versions of the package (1.14.1 and 0.30.4). 
Although these versions contained no malicious code directly in Axios itself, a cross-platform RAT (remote access tool) was deployed through a hidden dependency running in the background. After communicating with a command-and-control (C&amp;C) server, this tool hid itself by erasing its traces on macOS, Windows and Linux systems. Both versions were removed within hours, while the dependency in question was quickly suspended and placed under review on security grounds. Kaspersky GReAT confirmed that the attack was not an isolated one and that it shared similar tactics, techniques and procedures with Bluenoroff's GhostCall and GhostHire campaigns, which were presented at the Security Analyst Summit in 2025.<\/li>\n<li>In February 2026, the developers of Notepad++, the widely used open source text and code editor, announced that their infrastructure had been breached because of an incident originating at a hosting provider. Kaspersky GReAT researchers found that the actors behind this attack used at least three different infection chains. 
The attack targeted a government agency in the Philippines, a financial institution in El Salvador, an IT service provider in Vietnam, and individual users in various countries.<\/li>\n<\/ul>\n<p><strong>Dmitry Galov, Head of Kaspersky GReAT for Russia and the CIS region<\/strong>, commented on the matter: \u201c<em>According to our research, 31% of enterprises were affected by a supply chain attack in the past 12 months. That said, the security level of open source projects is not always lower than that of proprietary software vendors' solutions. In some cases an active open source community can find and fix vulnerabilities faster, whereas closed systems generally rely only on audits by internal teams. While the open source community closely tracks emerging risks, cybersecurity experts also detect vulnerabilities and malicious code in open source software and quickly inform users and the community. 
Although it is not possible to eliminate the risks entirely, they can be reduced significantly with security solutions and automated code analysis tools.\u201d<\/em><\/p>\n<p><strong>Kaspersky recommends the following steps for organizations to improve their security:<\/strong><\/p>\n<ul>\n<li>Use solutions such as Kaspersky Open Source Software Threats Data Feed to monitor open source components and detect potential threats.<\/li>\n<li>Ensure continuous monitoring. Depending on in-house resources, use the XDR or MXDR solutions that are part of the Kaspersky Next product family for real-time infrastructure tracking and for detecting anomalies in software and network traffic.<\/li>\n<li>Stay up to date on evolving threats. Subscribe to security bulletins and announcements about the open source ecosystem to learn of threats early.<\/li>\n<li>Create an incident response plan. Make sure this plan covers supply chain attacks and includes steps for quickly detecting and containing breaches. For example, define procedures for disconnecting a supplier from company systems if necessary.<\/li>\n<li>Cooperate with suppliers on security matters. 
This approach raises the level of protection for both parties and makes security a shared priority.<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p>Source: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to Kaspersky telemetry data, the number of malicious packages detected in open source projects reached approximately 19.<\/p>\n","protected":false},"author":1,"featured_media":14063,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-14062","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/14062","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14062"}],"version-history":[{"count":1,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/14062\/revisions"}],"predecessor-version":[{"id":14064,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/14062\/revisions\/14064"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/media\/14063"}],"wp:attachment":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=
14062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}