{"id":15253,"date":"2026-05-06T08:41:21","date_gmt":"2026-05-06T08:41:21","guid":{"rendered":"https:\/\/busondakika.com.tr\/?p=15253"},"modified":"2026-05-06T08:41:22","modified_gmt":"2026-05-06T08:41:22","slug":"scarcruft-tedarik-zinciri-saldirisiyla-oyun-platformunu-ele-gecirdi","status":"publish","type":"post","link":"https:\/\/busondakika.com.tr\/?p=15253","title":{"rendered":"ScarCruft compromises gaming platform in supply-chain attack"},"content":{"rendered":"<p><strong>According to findings from cybersecurity company ESET, the North Korea-aligned APT group ScarCruft compromised a gaming platform as part of a supply-chain espionage attack. The aim of the campaign is espionage: the backdoor collects personal data and documents, takes screenshots, and makes audio recordings. The attack is thought to be aimed at collecting information on individuals considered of interest by the North Korean regime, most likely refugees or defectors.<\/strong><\/p>\n<p>ESET researchers uncovered a multiplatform supply-chain attack by the North Korea-aligned APT group ScarCruft targeting China&#8217;s Yanbian region. Yanbian is a region that is home to ethnic Koreans and serves as a crossing point for North Korean refugees and defectors. 
In the attack, believed to have been ongoing since late 2024, ScarCruft compromised the Windows and Android components of a video game platform dedicated to Yanbian-themed games and trojanized them with a backdoor. This backdoor, which ESET has named BirdCall, was initially known to target only Windows; the Android version was discovered later as part of this supply-chain attack.<\/p>\n<p>The Android version of BirdCall discovered in the latest attack implements a subset of the Windows backdoor&#8217;s commands and capabilities; it collects contact lists, SMS messages, call logs, documents, media files, and private keys. It can also take screenshots and record ambient audio. Based on this research, ESET found that Android BirdCall was under active development for several months and that at least seven versions were released.<\/p>\n<p>Because the website compromised in this attack is dedicated to the people of Yanbian and their traditional games, ESET concluded that the primary targets of the attack were ethnic Koreans living in Yanbian. 
The attack is thought to be aimed at collecting information on individuals living in (or originating from) the Yanbian region, most likely refugees or defectors, who are considered of interest by the North Korean regime.<\/p>\n<p>The gaming platform&#8217;s Windows client was compromised via a malicious update leading to the RokRAT backdoor, which in turn deployed the more sophisticated BirdCall backdoor. Filip Jur\u010dacko, the ESET researcher who discovered ScarCruft&#8217;s latest attack, said: \u201cVictims downloaded the trojanized games from a single page through a web browser on their devices and probably installed them deliberately. We did not detect any other APK location or any malicious APK on the official Google Play store. We were unable to determine when the website was first compromised and when the supply-chain attack began. However, based on analysis of the distributed malware, we estimate that this happened in late 2024.\u201d<\/p>\n<p>The Windows backdoor was first discovered in 2021 and was attributed to ScarCruft in an ESET Threat Intelligence report. 
The original Windows backdoor has a wide range of espionage capabilities, including taking screenshots, logging keystrokes and clipboard contents, stealing credentials and files, and executing shell commands. For C&amp;C purposes, the backdoor uses legitimate cloud storage services such as Dropbox or pCloud, or compromised websites.<\/p>\n<p>ScarCruft, also known as APT37 or Reaper, has been active since at least 2012 and is suspected of being a North Korean espionage group. Although the group focuses primarily on South Korea, other Asian countries are also targeted. ScarCruft appears to be interested mainly in government and military organizations and in companies in various sectors linked to North Korea&#8217;s interests. 
The group also targets North Korean defectors.<\/p>\n<p>Source: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to findings from cybersecurity company ESET, the North Korea-aligned APT group ScarCruft compromised a gaming platform as part of a supply-chain espionage attack.<\/p>\n","protected":false},"author":1,"featured_media":15254,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-15253","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/15253","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15253"}],"version-history":[{"count":1,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/15253\/revisions"}],"predecessor-version":[{"id":15255,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/15253\/revisions\/15255"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/media\/15254"}],"wp:attachment":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15253"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15253"},{"taxonom
y":"post_tag","embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15253"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}