{"id":19793,"date":"2026-05-25T10:30:33","date_gmt":"2026-05-25T10:30:33","guid":{"rendered":"https:\/\/akdenizolay.com.tr\/index.php\/2026\/05\/25\/cin-baglantili-webworm-avrupada-hukumetleri-hedef-aldi\/"},"modified":"2026-05-25T10:30:34","modified_gmt":"2026-05-25T10:30:34","slug":"cin-baglantili-webworm-avrupada-hukumetleri-hedef-aldi","status":"publish","type":"post","link":"https:\/\/akdenizolay.com.tr\/index.php\/2026\/05\/25\/cin-baglantili-webworm-avrupada-hukumetleri-hedef-aldi\/","title":{"rendered":"\u00c7in ba\u011flant\u0131l\u0131 Webworm Avrupa\u2019da h\u00fck\u00fcmetleri hedef ald\u0131"},"content":{"rendered":"

Siber g\u00fcvenlik alan\u0131nda d\u00fcnya lideri olan ESET, ba\u015flang\u0131\u00e7ta Asya’daki kurulu\u015flar\u0131 hedef alan ancak son zamanlarda oda\u011f\u0131n\u0131 Avrupa’ya kayd\u0131ran \u00c7in ba\u011flant\u0131l\u0131 bir geli\u015fmi\u015f kal\u0131c\u0131 tehdit grubu (APT) olan Webworm’un 2025 y\u0131l\u0131ndaki faaliyetlerini analiz etti. ESET, Webworm’un Bel\u00e7ika, \u0130talya, Polonya, S\u0131rbistan ve \u0130spanya’daki devlet kurumlar\u0131n\u0131 hedef ald\u0131\u011f\u0131n\u0131 g\u00f6zlemledi. Webworm ayn\u0131 zamanda G\u00fcney Afrika’ya da girerek yerel bir \u00fcniversiteyi ele ge\u00e7irdi.\u00a0<\/strong><\/p>\n

Ge\u00e7en y\u0131ldan bu yana grup, C&C ileti\u015fimi i\u00e7in Discord ve Microsoft Graph API’sini kullanan arka kap\u0131lar kullan\u0131yor. ESET ara\u015ft\u0131rmac\u0131lar\u0131 400’den fazla Discord mesaj\u0131n\u0131n \u015fifresini \u00e7\u00f6zd\u00fc ve 50’den fazla benzersiz hedefe kar\u015f\u0131 ke\u015fif amac\u0131yla kullan\u0131lan, sald\u0131rgan taraf\u0131ndan i\u015fletilen bir sunucu ke\u015ffetti.<\/strong><\/p>\n

Webworm\u2019un son faaliyetlerini ortaya \u00e7\u0131karan ESET ara\u015ft\u0131rmac\u0131s\u0131 Eric Howard \u201cAnalizimiz sayesinde, a\u00e7\u0131k kaynakl\u0131 bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 taray\u0131c\u0131s\u0131 kullanarak grubun potansiyel ilk eri\u015fim tekniklerine ili\u015fkin bir fikir veren bir sunucudan y\u00fcr\u00fct\u00fclen komutlar\u0131 kurtarmay\u0131 ba\u015fard\u0131k ve odakland\u0131\u011f\u0131 hedeflerin baz\u0131lar\u0131n\u0131 tespit ettik\u201d a\u00e7\u0131klamas\u0131n\u0131 yapt\u0131. ESET, EchoCreep arka kap\u0131s\u0131n\u0131n C&C ileti\u015fimi i\u00e7in kulland\u0131\u011f\u0131 Discord mesajlar\u0131n\u0131n \u015fifresini \u00e7\u00f6zd\u00fckten sonra elde etti\u011fi bilgilere dayanarak 2025 kampanyas\u0131n\u0131 Webworm’a atfetti. Bu bilgiler, ara\u015ft\u0131rmac\u0131lar\u0131 sald\u0131rganlar\u0131n GitHub deposuna y\u00f6nlendirdi; bu depoda SoftEther VPN uygulamas\u0131 gibi haz\u0131rlanm\u0131\u015f ara\u00e7lar bulunuyordu. SoftEther yap\u0131land\u0131rma dosyas\u0131nda, bilinen bir Webworm IP adresiyle e\u015fle\u015fen bir IP adresi bulundu.<\/p>\n

En son ara\u00e7lar\u0131n\u0131n ba\u015f\u0131nda iki yeni arka kap\u0131 geliyor: Discord tabanl\u0131 EchoCreep ve Microsoft Graph tabanl\u0131 GraphWorm. Tehdit akt\u00f6rleri mevcut proxy \u00e7\u00f6z\u00fcmlerini kullanmaya devam ederken WormFrp, ChainWorm, SmuxProxy ve WormSocket’e \u00f6zel proxy \u00e7\u00f6z\u00fcmleri de eklediler. Proxy ara\u00e7lar\u0131n\u0131n say\u0131s\u0131 ve karma\u015f\u0131kl\u0131\u011f\u0131na bak\u0131ld\u0131\u011f\u0131nda, Webworm kurbanlar\u0131 proxy’lerini \u00e7al\u0131\u015ft\u0131rmaya ikna ederek \u00e7ok daha b\u00fcy\u00fck bir gizli a\u011f olu\u015fturuyor olabilir. Buna ek olarak, Webworm, Discord ve Microsoft Graph API\u2019yi komuta ve kontrol (C&C) kanallar\u0131 olarak kullanmaya ba\u015flad\u0131. EchoCreep arka kap\u0131s\u0131, dosya y\u00fcklemek, \u00e7al\u0131\u015fma zaman\u0131 raporlar\u0131 g\u00f6ndermek ve komut almak i\u00e7in Discord\u2019u kullan\u0131yor. GraphWorm ise C&C ileti\u015fimi i\u00e7in Microsoft Graph API\u2019yi kullan\u0131yor; ESET ara\u015ft\u0131rmac\u0131lar\u0131, bu yaz\u0131l\u0131m\u0131n \u00f6zellikle yeni g\u00f6revleri almak ve kurban bilgilerini y\u00fcklemek amac\u0131yla yaln\u0131zca OneDrive u\u00e7 noktalar\u0131n\u0131 kulland\u0131\u011f\u0131n\u0131 ortaya \u00e7\u0131kard\u0131.<\/p>\n

ESET ara\u015ft\u0131rmac\u0131s\u0131 Eric Howard<\/strong>\u00a0a\u00e7\u0131klamas\u0131nda \u015fu bilgilere yer verdi: “2025 kampanyalar\u0131n\u0131 ara\u015ft\u0131r\u0131rken Webworm’un, Amazon Web Services’te bulunan ve S3’\u00fcn basit depolama hizmeti anlam\u0131na geldi\u011fi bir genel bulut depolama \u00e7\u00f6z\u00fcm\u00fc olan, g\u00fcvenli\u011fi ihlal edilmi\u015f bir AWS S3 bucket yap\u0131land\u0131rmalar\u0131 almak i\u00e7in \u00f6zel proxy \u00e7\u00f6z\u00fcm\u00fc WormFrp’yi kullanmaya ba\u015flad\u0131\u011f\u0131n\u0131 ke\u015ffettik. G\u00f6r\u00fcn\u00fc\u015fe g\u00f6re Webworm, bu S3 bucket arac\u0131l\u0131\u011f\u0131yla veri s\u0131zd\u0131rma i\u015flemlerinden yararlan\u0131rken masum kurbanlar hizmetin faturas\u0131n\u0131 \u00f6d\u00fcyor.\u201d\u00a0<\/p>\n

\u00a0Aral\u0131k 2025 ile Ocak 2026 aras\u0131nda operat\u00f6rler, hizmete 20 yeni dosya y\u00fckledi; bunlardan ikisi \u0130spanya\u2019daki bir devlet kurumundan s\u0131zd\u0131r\u0131lm\u0131\u015ft\u0131.\u00a0<\/p>\n

Grup ayr\u0131ca GitHub’da dosya yay\u0131mlamaya devam ediyor ve ESET, gelecekte de bunu s\u00fcrd\u00fcreceklerini varsay\u0131yor.<\/p>\n

\u00a0<\/p>\n

Kaynak: (BYZHA) Beyaz Haber Ajans\u0131<\/p>\n","protected":false},"excerpt":{"rendered":"

Siber g\u00fcvenlik alan\u0131nda d\u00fcnya lideri olan ESET, ba\u015flang\u0131\u00e7ta Asya’daki kurulu\u015flar\u0131 hedef alan ancak son zamanlarda oda\u011f\u0131n\u0131 Avrupa’ya kayd\u0131ran \u00c7in ba\u011flant\u0131l\u0131 bir geli\u015fmi\u015f kal\u0131c\u0131 tehdit grubu (APT) olan Webworm’un 2025 y\u0131l\u0131ndaki faaliyetlerini analiz etti.<\/p>\n","protected":false},"author":1,"featured_media":19794,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-19793","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/akdenizolay.com.tr\/index.php\/wp-json\/wp\/v2\/posts\/19793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/akdenizolay.com.tr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/akdenizolay.com.tr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/akdenizolay.com.tr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/akdenizolay.com.tr\/index.php\/wp-json\/wp\/v2\/comments?post=19793"}],"version-history":[{"count":1,"href":"https:\/\/akdenizolay.com.tr\/index.php\/wp-json\/wp\/v2\/posts\/19793\/revisions"}],"predecessor-version":[{"id":19795,"href":"https:\/\/akdenizolay.com.tr\/index.php\/wp-json\/wp\/v2\/posts\/19793\/revisions\/19795"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/akdenizolay.com.tr\/index.php\/wp-json\/wp\/v2\/media\/19794"}],"wp:attachment":[{"href":"https:\/\/akdenizolay.com.tr\/index.php\/wp-json\/wp\/v2\/media?parent=19793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/akdenizolay.com.tr\/index.php\/wp-json\/wp\/v2\/categories?post=19793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/akdenizolay.com.tr\/index.php\/wp-json\/wp\/v2\/tags?post=19793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}