{"id":6160,"date":"2026-04-29T10:31:49","date_gmt":"2026-04-29T07:31:49","guid":{"rendered":"https:\/\/ekonomievreni.com\/?p=6160"},"modified":"2026-04-29T10:31:50","modified_gmt":"2026-04-29T07:31:50","slug":"eset-yeni-bir-siber-casusluk-grubunu-ortaya-cikardi","status":"publish","type":"post","link":"https:\/\/ekonomievreni.com\/?p=6160","title":{"rendered":"ESET uncovers a new cyber-espionage group"},"content":{"rendered":"<p> <strong>ESET, a world leader in cybersecurity, has uncovered a new China-linked APT group, named GopherWhisper, that targets government institutions in Mongolia. The group abuses the Discord, Slack, and Outlook messaging services to conduct espionage.<\/strong><\/p>\n<p>ESET researchers have discovered a previously undocumented, China-linked APT group that they named GopherWhisper. The group uses a wide range of tools, mostly written in Go, that rely on injectors and loaders to deploy and execute the various backdoors in its arsenal. In the observed campaign, the threat actors targeted a government institution in Mongolia. GopherWhisper abuses legitimate services such as Discord, Slack, Microsoft 365 Outlook, and file.io for command and control (C&amp;C) communication and data exfiltration.<\/p>\n<p>ESET researchers discovered the group in January 2025, when they found a previously undocumented backdoor on the system of a government institution in Mongolia, and named that backdoor LaxGopher. 
Digging deeper, the team uncovered several more malicious tools deployed by the same group, most of them additional backdoors. Most of these tools were written in Go, and their common purpose was cyber espionage.<\/p>\n<p>According to ESET telemetry, the victim affected by the GopherWhisper backdoors is a Mongolian government institution. Having analyzed C&amp;C traffic from the attacker-operated Discord and Slack servers, ESET estimates that dozens of other victims were affected in addition to the Mongolian institution; however, it has no information about those victims&#8217; geographic locations or sectors. Of the seven tools discovered, four are backdoors: LaxGopher, RatGopher, and BoxOfFriends, written in Go, and SSLORDoor, written in C++. ESET also found an injector (JabGopher), a Go-based data exfiltration tool (CompactGopher), and a malicious DLL file (FriendDelivery).<\/p>\n<p>Because the malware set identified by ESET shows no code similarity to the tools of any known threat actor and does not overlap with the tactics, techniques, and procedures (TTPs) used by any other group, ESET attributes these tools to a new group. 
The researchers named the group GopherWhisper because most of its tools are written in the Go programming language, whose mascot is a gopher, and after the file name whisper.dll, which is loaded via side-loading.<\/p>\n<p>ESET researcher Eric Howard, who discovered the new threat group, said: \u201cGopherWhisper is characterized by its extensive use of legitimate services such as Slack, Discord, and Outlook for C&amp;C communication. During our research, we managed to obtain thousands of Slack and Discord messages, as well as several draft email messages from Microsoft Outlook. This gave us great insight into the group&#8217;s inner workings. Inspection of the timestamps of the Slack and Discord messages showed that most of them were sent during working hours, that is, between 8 a.m. and 5 p.m., consistent with China Standard Time. In addition, the locale of the user configured in the Slack metadata was also set to this time zone. We therefore believe that GopherWhisper is a China-based group.\u201d<\/p>\n<p>According to this ESET research, the group&#8217;s Slack and Discord servers were first used to test the functionality of the backdoors and later, without the logs being cleared, as command and control (C&amp;C) servers for the LaxGopher and RatGopher backdoors on many compromised computers. 
In addition to the Slack and Discord communications, ESET researchers were also able to extract the email messages used in communication between the BoxOfFriends backdoor and its C&amp;C using the Microsoft Graph API.<\/p>\n<p>Eric Howard of ESET Research presented these findings at the Botconf 2026 conference.<\/p>\n<p>Source: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ESET, a world leader in cybersecurity, has uncovered a new China-linked APT group, named GopherWhisper, that targets government institutions in Mongolia.<\/p>\n","protected":false},"author":1,"featured_media":6161,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-6160","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/posts\/6160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6160"}],"version-history":[{"count":1,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/posts\/6160\/revisions"}],"predecessor-version":[{"id":6162,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=\/wp\/v2\/posts\/6160\/revisions\/6162"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.
php?rest_route=\/wp\/v2\/media\/6161"}],"wp:attachment":[{"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ekonomievreni.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}