{"id":154,"date":"2026-07-04T15:51:22","date_gmt":"2026-07-04T12:51:22","guid":{"rendered":"https:\/\/paparazzimagazin.com.tr\/?p=154"},"modified":"2026-07-04T15:51:23","modified_gmt":"2026-07-04T12:51:23","slug":"turkiyeyi-de-hedef-alan-iki-zararli-yazilima-kuresel-operasyon","status":"publish","type":"post","link":"https:\/\/paparazzimagazin.com.tr\/?p=154","title":{"rendered":"Global operation against two malware families that also targeted T\u00fcrkiye"},"content":{"rendered":"<p> <strong>ESET, a global leader in cybersecurity, helped disrupt the operations of the Amadey botnet and the Stealc infostealer by providing technical analysis, infrastructure tracking and affiliate-level insights.<\/strong><\/p>\n<p><strong>ESET telemetry detection rates show that Amadey was observed worldwide with no focus on a particular region. The highest detection rates were seen in India, T\u00fcrkiye, Egypt, Mexico and Spain. Stealc likewise spread globally with no focus on a particular region, with the highest detection rates seen in the United States, Poland and Italy.<\/strong><\/p>\n<p>ESET Research helped disrupt the operations of the Amadey botnet and the Stealc infostealer by providing technical analysis, infrastructure tracking and affiliate-level insights. Both are operated as &#8220;malware-as-a-service&#8221; (MaaS). 
The operation, coordinated by the Microsoft Digital Crimes Unit (DCU), BitSight, Lumen and Mitsui Bussan Secure Directions (MBSD), aimed to cripple the cybercriminal activity by targeting all known network infrastructure used by Amadey and Stealc affiliates. At the same time, Europol\u2019s European Cybercrime Centre (EC3), together with European law enforcement partners including the German Federal Criminal Police Office and the national police forces of the Netherlands and Denmark, and jointly with IBM and Proofpoint, was investigating Stealc as part of \u201cOperation Endgame\u201d.<\/p>\n<p>ESET contributed to the success of the operation by sharing the technical analysis, statistical information, known command and control (C&amp;C) servers, encryption keys, campaign and build identifiers, and other threat intelligence it had gathered through long-term tracking of both malware families.<\/p>\n<p>ESET researcher Jakub Tomanek, who supported the effort to disrupt Amadey and Stealc, said: \u201cESET has been tracking both the Amadey botnet and the Stealc infostealer for the past three years. As part of the disruption operation, we shared technical indicators and configuration data extracted from processed malware samples, as well as statistics covering the period from Q4 2025 through the first half of 2026. 
Our automated systems examine Amadey and Stealc samples in detail and identify the fields that matter most for large-scale tracking. These include C&amp;C servers, build identifiers, encryption keys, URL paths, campaign identifiers and other embedded values that the malware families use when communicating with attacker-controlled infrastructure.\u201d<\/p>\n<p>Sharing technical analysis, statistical information and threat intelligence such as C&amp;C server lists, affiliate identifiers and encryption keys allows law enforcement to identify infrastructure with a high degree of confidence, prioritize it and take action against it. Amadey is a modular malware loader. Its main purpose is to deliver additional malware to compromised systems, but it also offers modules for data exfiltration and remote access. Stealc, by contrast, is a typical \u201cinfostealer-as-a-service\u201d. It targets credentials, cookies, cryptocurrency wallets, browser extensions and files matching patterns defined by affiliates.<\/p>\n<p>Both malware families are sold as a service and advertised on darknet forums. 
In both ecosystems, affiliates receive a self-hosted administration panel that must be installed on their own server infrastructure. This requires a certain level of technical skill from affiliates and gives them direct control over victim data and payload delivery. Although distribution methods ultimately depend on each affiliate, ESET telemetry has consistently shown that both malware families spread through a wide variety of channels. The most common methods include fake software updates, cracked software installers and third-party malware loaders.<\/p>\n<p>Amadey uses a pay-per-rebuild model. After purchasing a license, affiliates pay an additional fee each time they need a new build (for example, when moving to a new C&amp;C server). In other words, the Amadey operators did not give affiliates a builder; instead, samples were compiled on demand for each affiliate. The service offers three modules for further data exfiltration and access: a clipboard monitoring module, a credential theft module and a VNC-based remote access module. 
The service costs 600 US dollars in Bitcoin for a single license, and an additional 50 US dollars is charged for each rebuild.<\/p>\n<p>Stealc takes a more affiliate-friendly approach, offering unlimited builds as part of the subscription. This lowers the operational cost of changing C&amp;C infrastructure and makes it easier for affiliates to generate new samples whenever they need them. It targets a wide range of data sources, including credentials stored by web browsers, email clients, FTP clients, gaming platforms, cryptocurrency wallet files and browser extensions. Stealc is sold as a monthly subscription, and the cheapest subscription is 1,000 US dollars for six months.<\/p>\n<p>Seeking to avoid impersonation scams, both operators explicitly instructed prospective affiliates on darknet forums to contact them only through official channels. 
Amadey directed buyers to private messages on the darknet forum where the product was advertised, while Stealc used private messages on darknet forums or Telegram.<\/p>\n<p>ESET will continue to monitor the activity of both families and to track attempts to rebuild operational infrastructure following the disruption.<\/p>\n<p>\u00a0<\/p>\n<p>Source: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ESET, a global leader in cybersecurity, helped disrupt the operations of the Amadey botnet and the Stealc infostealer by providing technical analysis, infrastructure tracking and affiliate-level insights.<\/p>\n","protected":false},"author":1,"featured_media":155,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-154","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/paparazzimagazin.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/paparazzimagazin.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/paparazzimagazin.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/paparazzimagazin.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/paparazzimagazin.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=154"}],"version-history":[{"count":1,"href":"https:\/\/paparazzimagazin.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/154\/revisions"}],"predecessor-version":[{"id":156,"href":"https:\/\/paparazzimagazin.co
m.tr\/index.php?rest_route=\/wp\/v2\/posts\/154\/revisions\/156"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/paparazzimagazin.com.tr\/index.php?rest_route=\/wp\/v2\/media\/155"}],"wp:attachment":[{"href":"https:\/\/paparazzimagazin.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/paparazzimagazin.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/paparazzimagazin.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}