{"id":36038,"date":"2025-10-20T18:10:31","date_gmt":"2025-10-20T15:10:31","guid":{"rendered":"https:\/\/kibrisayna.com\/index.php\/2025\/10\/20\/wordpress-tabanli-14-bin-site-hacklendi-yeni-yontem-blok-zinciri\/"},"modified":"2025-10-20T18:10:31","modified_gmt":"2025-10-20T15:10:31","slug":"wordpress-tabanli-14-bin-site-hacklendi-yeni-yontem-blok-zinciri","status":"publish","type":"post","link":"https:\/\/kibrisayna.com\/index.php\/2025\/10\/20\/wordpress-tabanli-14-bin-site-hacklendi-yeni-yontem-blok-zinciri\/","title":{"rendered":"WordPress tabanl\u0131 14 bin site hacklendi: Yeni y\u00f6ntem blok zinciri"},"content":{"rendered":"


\n<\/p>\n

\n

D\u00fcnyadaki web sitelerinin yakla\u015f\u0131k y\u00fczde 43\u2019\u00fc WordPress altyap\u0131s\u0131yla \u00e7al\u0131\u015f\u0131yor. Bu nedenle WordPress\u2019e y\u00f6nelik her yeni sald\u0131r\u0131, internet g\u00fcvenli\u011fi a\u00e7\u0131s\u0131ndan b\u00fcy\u00fck bir endi\u015fe kayna\u011f\u0131 haline geliyor.<\/p>\n

Google<\/a> Tehdit \u0130stihbarat Grubu (GTIG) taraf\u0131ndan yay\u0131mlanan son rapor, UNC5142 kod adl\u0131 yeni bir hacker grubunun, WordPress sitelerini hedef alan geli\u015fmi\u015f bir sald\u0131r\u0131 kampanyas\u0131 y\u00fcr\u00fctt\u00fc\u011f\u00fcn\u00fc ortaya koydu.<\/p>\n

Rapora g\u00f6re UNC5142, zay\u0131f temalar, hatal\u0131 eklentiler veya savunmas\u0131z veritabanlar\u0131 kullanan WordPress sitelerini tespit ederek sald\u0131r\u0131ya ge\u00e7iyor.<\/p>\n

Bu sitelere \u201cCLEARSHORT\u201d adl\u0131 \u00e7ok a\u015famal\u0131 bir JavaScript indirici bula\u015ft\u0131r\u0131l\u0131yor. Bu zararl\u0131 kod, daha sonra k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n internet genelinde yay\u0131lmas\u0131n\u0131 sa\u011fl\u0131yor.<\/p>\n

YEN\u0130 TEHD\u0130T TEKN\u0130\u011e\u0130<\/strong><\/p>\n

Google, sald\u0131r\u0131lar\u0131n en dikkat \u00e7ekici y\u00f6n\u00fcn\u00fcn \u201cEtherHiding\u201d ad\u0131 verilen yeni bir y\u00f6ntem oldu\u011funu belirtiyor.<\/p>\n

EtherHiding, k\u00f6t\u00fc ama\u00e7l\u0131 kodu halka a\u00e7\u0131k bir blok zincirine yerle\u015ftirerek gizleme tekni\u011fi olarak tan\u0131mlan\u0131yor.<\/p>\n

Bu y\u00f6ntem, zararl\u0131 yaz\u0131l\u0131mlar\u0131n geleneksel yollarla tespit edilmesini neredeyse imk\u00e2ns\u0131z hale getiriyor. \u00c7\u00fcnk\u00fc blok zinciri \u00fczerinde depolanan kodlar merkezi bir sunucuda bulunmad\u0131\u011f\u0131 i\u00e7in silinmesi veya engellenmesi \u00e7ok zor.<\/p>\n

SOSYAL M\u00dcHEND\u0130SL\u0130K TUZAKLARI<\/strong><\/p>\n

Sald\u0131r\u0131n\u0131n bir sonraki ad\u0131m\u0131nda, blok zinciri \u00fczerindeki ak\u0131ll\u0131 s\u00f6zle\u015fme (smart contract) bir CLEARSHORT a\u00e7\u0131l\u0131\u015f sayfas\u0131 olu\u015fturuyor. Bu sayfa genellikle Cloudflare geli\u015ftirici platformlar\u0131nda bar\u0131nd\u0131r\u0131l\u0131yor ve \u201cClickFix\u201d adl\u0131 sosyal m\u00fchendislik takti\u011fini kullan\u0131yor.<\/p>\n

ClickFix, kullan\u0131c\u0131lar\u0131 kand\u0131rarak bilgisayarlar\u0131nda Windows \u201c\u00c7al\u0131\u015ft\u0131r\u201d penceresi veya Mac Terminal uygulamas\u0131 \u00fczerinden k\u00f6t\u00fc niyetli komutlar \u00e7al\u0131\u015ft\u0131rmaya y\u00f6nlendiriyor.<\/p>\n

F\u0130NANSAL AMA\u00c7LI SALDIRILAR<\/strong><\/p>\n

GTIG, UNC5142 grubunun sald\u0131r\u0131lar\u0131n\u0131n genellikle finansal motivasyonlu oldu\u011funu belirtiyor. Grup, Google taraf\u0131ndan 2023 y\u0131l\u0131ndan beri izleniyor. Ancak rapora g\u00f6re UNC5142\u2019nin faaliyetleri Temmuz 2025\u2019te aniden durdu.<\/p>\n

Bu durum, hacker grubunun operasyonlar\u0131n\u0131 ger\u00e7ekten sonland\u0131rm\u0131\u015f olabilece\u011fi gibi, y\u00f6ntemlerini de\u011fi\u015ftirip daha gizli bi\u00e7imde sald\u0131r\u0131lar\u0131na devam etti\u011fi anlam\u0131na da gelebilir.<\/p>\n

14 B\u0130N S\u0130TE HEDEF\u00a0OLDU<\/strong><\/p>\n

Haziran 2025 itibar\u0131yla GTIG, s\u00f6z konusu hacker grubu taraf\u0131ndan ele ge\u00e7irilmi\u015f bir web sitesiyle ili\u015fkili JavaScript i\u00e7eren yakla\u015f\u0131k 14 bin web sayfas\u0131 tespit etti.<\/p>\n

Kurum, “UNC5142, savunmas\u0131z WordPress sitelerini ayr\u0131m g\u00f6zetmeksizin hedef al\u0131yor” diyor.<\/p>\n

NE YAPMALI?<\/strong><\/p>\n

Siber g\u00fcvenlik uzmanlar\u0131, \u00f6zellikle WordPress kullan\u0131c\u0131lar\u0131n\u0131 uyar\u0131yor:<\/p>\n

– Eklentilerin ve temalar\u0131n her zaman g\u00fcncel tutulmas\u0131,<\/p>\n

– G\u00fcvenilir olmayan kaynaklardan tema veya eklenti indirilmemesi,<\/p>\n

– Site dosyalar\u0131n\u0131n d\u00fczenli olarak zararl\u0131 yaz\u0131l\u0131m taramas\u0131ndan ge\u00e7irilmesi gerekiyor.<\/p>\n

Google\u2019\u0131n bulgular\u0131, siber sald\u0131r\u0131lar\u0131n art\u0131k yaln\u0131zca klasik vir\u00fcslerle de\u011fil, blok zinciri teknolojisinin k\u00f6t\u00fcye kullan\u0131m\u0131yla da yeni bir evreye ge\u00e7ti\u011fini g\u00f6steriyor.<\/p>\n<\/div>\n


\n
<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

D\u00fcnyadaki web sitelerinin yakla\u015f\u0131k y\u00fczde 43\u2019\u00fc WordPress altyap\u0131s\u0131yla \u00e7al\u0131\u015f\u0131yor. Bu nedenle WordPress\u2019e y\u00f6nelik her yeni sald\u0131r\u0131, internet g\u00fcvenli\u011fi a\u00e7\u0131s\u0131ndan b\u00fcy\u00fck bir endi\u015fe kayna\u011f\u0131 haline geliyor. Google Tehdit \u0130stihbarat Grubu (GTIG) taraf\u0131ndan yay\u0131mlanan son rapor, UNC5142 kod adl\u0131 yeni bir hacker grubunun, WordPress sitelerini hedef alan geli\u015fmi\u015f bir sald\u0131r\u0131 kampanyas\u0131 y\u00fcr\u00fctt\u00fc\u011f\u00fcn\u00fc ortaya koydu. Rapora g\u00f6re UNC5142, […]<\/p>\n","protected":false},"author":908,"featured_media":36039,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[12],"tags":[],"class_list":["post-36038","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/kibrisayna.com\/wp-content\/uploads\/2025\/10\/HWUBbA7Xgk-9FO_P9_189A.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/posts\/36038","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/users\/908"}],"replies":[{"embeddable":true,"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/comments?post=36038"}],"version-history":[{"count":0,"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/posts\/36038\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/media\/36039"}],"wp:attachment":[{"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/media?parent=36038"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/categories?post=36038"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/tags?post=36038"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}