b374k
v10
today : | at : | safemode : ON
> / home / facebook / twitter / exit /
name author perms com modified label

Russian APT attackers control the Hacked Machines using Twitter, Github Asylum rwxr-xr-x 0 7:54 AM

Filename Russian APT attackers control the Hacked Machines using Twitter, Github
Permission rw-r--r--
Author Asylum
Date and Time 7:54 AM
Label
Action



Russian APT attackers have used an advanced type of backdoor which tries to avoid detection by adding layers of obfuscation and mimicking the behavior of legitimate users. 

The attackers used popular legitimate websites such as Twitter, Github and other compromised web servers to send instructions and steal data from the compromised machines, according to a APT report published by the security firm FireEye.


The group is known as APT29, which creates an algorithm that generates daily Twitter handles and embedding pictures with commands. 

The attackers post instructions for their backdoors in a tweet, which contains a URL and a hashtag.  The malware will download contents hosted in the specific URL including all images in the page. 

They hide the data and other instructions within an Image file using a technology called Steganography. 

The Hashtag contains a number representing a location within the image file and a few characters that should be appended to the decryption key.  The key will be used for retrieving the data stored in the  image.


The instructions also contains where to upload the stolen data - It uploads to a specific account on a cloud storage service using the login credentials.

APT 29 is suspected to be in Russia since it is active during normal working hours in Moscow.


via E Hacking News - Latest Hacker News and IT Security News Russian APT attackers control the Hacked Machines using Twitter, Github http://ift.tt/1ImRnmQ

0 comments:

Post a Comment

 

Jayalah Indonesiaku © 2010 Hacker News
VB (Vio b374k) Template design by p4r46hcyb3rn3t