Friday, June 9, 2017

Today's Headline

Russian Malware Communicates by Leaving Comments in Britney Spears's Instagram Account

The story:
A key weakness in malicious software is the "Command and Control" (C&C) system: a central server that the malware-infected systems contact to receive updates and instructions, and to send stolen data. Anti-malware researchers like to reverse engineer malicious code, discover the C&C server's address, and then shut it down or blacklist it on corporate routers.

Turla is an "advanced persistent threat" hacking group based in Russia with a long history of attacking states in ways that advance Russian state interests -- suggesting that they are either a part of the Russian espionage system, or contracting to it.

A new analysis by ESET shows that Turla is solving its C&C problems by using Britney Spears's Instagram account as a cut-out for its C&C servers. Turla moves the C&C server around, then hides the current address of the server in encrypted comments left on Britney Spears's image posts. The compromised systems check in with Spears's Instagram whenever they need to know where the C&C server is currently residing.
