{"id":3490,"date":"2026-03-14T01:27:27","date_gmt":"2026-03-14T01:27:27","guid":{"rendered":"https:\/\/busondakika.com.tr\/?p=3490"},"modified":"2026-03-14T01:27:28","modified_gmt":"2026-03-14T01:27:28","slug":"siber-casuslukta-yeni-donem","status":"publish","type":"post","link":"https:\/\/busondakika.com.tr\/?p=3490","title":{"rendered":"A new era in cyber espionage"},"content":{"rendered":"<p> <strong>Cybersecurity company ESET has detected that Sednit has recently resumed activity by means of its modern toolset. This toolset centers on two paired implants, BeardShell and Covenant, each of which uses a different cloud provider for resilience. This dual-implant approach enables long-term surveillance of Ukrainian military personnel and has been in use since April 2024. In 2016, the US Department of Justice linked the Sednit group to Unit 26165 of the GRU, a Russian intelligence agency within the Russian military&#8217;s Main Intelligence Directorate.<\/strong><\/p>\n<p>ESET&#8217;s account of modern Sednit activity begins with SlimAgent, an espionage implant that CERT-UA discovered in April 2024 on a machine belonging to the Ukrainian government. SlimAgent is a simple but effective espionage tool capable of logging keystrokes, capturing screenshots, and collecting clipboard data. In its telemetry, ESET identified previously unknown samples with code similar to SlimAgent&#8217;s. 
Those samples had been used in 2018, six years before the Ukraine case, against government entities in two European countries. SlimAgent therefore appears to be an evolution of the Xagent keylogger module, used as a standalone component since at least 2018. Xagent is a toolset that was used exclusively by the Sednit group for more than six years.<\/p>\n<p>SlimAgent was not the only implant found on the machine in Ukraine in 2024; BeardShell, a much more recent addition to Sednit&#8217;s custom arsenal, was also used there. BeardShell is a sophisticated implant that can execute PowerShell commands in a .NET runtime environment, and it uses the legitimate cloud storage service Icedrive as its command-and-control channel. The shared use of a rare obfuscation technique, together with its presence alongside SlimAgent, leads ESET to assess with high confidence that BeardShell is part of Sednit&#8217;s custom arsenal.<\/p>\n<p>Since the initial 2024 case, Sednit has continued to use BeardShell in 2025 and 2026 in long-term espionage operations primarily targeting Ukrainian military personnel. To maintain persistent access to these high-value targets, Sednit systematically uses another implant alongside BeardShell: Covenant, the final component of its modern arsenal. 
Covenant is an open-source .NET post-exploitation framework that offers more than 90 built-in tasks, supporting capabilities such as data exfiltration, target monitoring, and network pivoting.<\/p>\n<p>Since 2023, Sednit&#8217;s developers have carried out a series of modifications and experiments to establish Covenant as their primary espionage implant. They kept BeardShell as a fallback in case Covenant runs into operational problems, such as its cloud-based infrastructure being taken down. Sednit has relied on Covenant successfully for several years, particularly against selected targets in Ukraine. For example, when we analyzed Sednit-controlled Covenant cloud drives in 2025, they revealed machines that had been monitored for more than six months. According to CERT-UA, in January 2026 Sednit also used Covenant in a series of spearphishing campaigns exploiting the CVE-2026-21509 vulnerability.<\/p>\n<p>The sophistication of BeardShell and the extensive modifications made to Covenant show that Sednit&#8217;s developers are still fully capable of producing advanced custom implants. 
In addition, the shared code and techniques that link these tools to their 2010-era predecessors strongly indicate continuity within the development team.<\/p>\n<p>Source: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity company ESET has detected that Sednit has recently resumed activity by means of its modern toolset.<\/p>\n","protected":false},"author":1,"featured_media":3491,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[],"class_list":["post-3490","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/3490","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3490"}],"version-history":[{"count":1,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/3490\/revisions"}],"predecessor-version":[{"id":3492,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/3490\/revisions\/3492"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=\/wp\/v2\/media\/3491"}],"wp:attachment":[{"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buson
dakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/busondakika.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}