Hammertoss Malware Makes Traditional Security Moot

Watch out. This is the most sophisticated Russian cyberspy group yet to be revealed, according to FireEye. The security firm just issued a new threat intelligence report called "Hammertoss: Stealthy Tactics Define a Russian Cyber Threat Group" that analyzes its operations.

The advanced persistent threat (APT) group APT29, which has operated in its current form since at least 2014 and is thought to be backed by the Russian government, is behind Hammertoss. Hammertoss combines several techniques whose shared goal is to hide the malware's command-and-control traffic inside ordinary-looking Web activity.

It retrieves its commands step by step through common Web services in a way that would typically evade initial detection: each day it beacons to a different, algorithmically generated Twitter handle, looking for tweets that carry a link and a hashtag with command data; it then follows the link to a site such as GitHub that hosts an image with commands hidden inside it using steganography.
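To make the retrieval chain above concrete, here is an added simulation of both sides of such a scheme. It is example code written for this page, not Hammertoss's or FireEye's code, and everything specific in it is an assumption: the date-seeded handle generator, the tweet format, the least-significant-bit steganography, the use of the hashtag as a decoding key, and the dictionary stand-ins for Twitter and GitHub (constructed so the example runs offline). The page says only that the handle is generated algorithmically per day, that the tweet carries a link and a hashtag, and that the image hides commands steganographically.

```python
import hashlib
import re
import string
from datetime import date

# Hypothetical handle generator (an assumption of this example; the article
# does not describe APT29's real algorithm). Implant and operator share the
# seed, so each derives the same throwaway handle for a given day and the
# malware never has to hard-code a Twitter account.
def daily_handle(day: date, seed: bytes = b"example-seed") -> str:
    digest = hashlib.sha256(seed + day.isoformat().encode()).digest()
    return "".join(string.ascii_lowercase[b % 26] for b in digest[:10])

# A tasking tweet carries a link (where the image lives) and a hashtag.
TWEET_RE = re.compile(r"(https?://\S+)\s+#(\w+)")

def parse_tweet(text: str):
    """Return (url, hashtag) or None if the tweet is not a tasking message."""
    m = TWEET_RE.search(text)
    return (m.group(1), m.group(2)) if m else None

def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

# Generic least-significant-bit steganography over raw "pixel" bytes: a
# 2-byte length prefix, then the payload, one bit per cover byte. This is an
# illustrative stand-in; the page does not specify Hammertoss's actual scheme.
def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    data = len(payload).to_bytes(2, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover image too small for payload")
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit
    return bytes(out)

def extract_lsb(stego: bytes) -> bytes:
    def read(n_bytes: int, start: int) -> bytes:
        bits = [stego[start + i] & 1 for i in range(n_bytes * 8)]
        return bytes(sum(b << (7 - j) for j, b in enumerate(bits[k:k + 8]))
                     for k in range(0, len(bits), 8))
    length = int.from_bytes(read(2, 0), "big")
    if 16 + length * 8 > len(stego):
        raise ValueError("declared payload length exceeds cover")
    return read(length, 16)

# Constructed offline stand-ins for Twitter and GitHub (plain dicts).
COVER = bytes(range(256)) * 4   # 1024 bytes of made-up pixel data

def build_operator_side(day: date, command: str, key: str) -> dict:
    """Operator: hide the command in an image, host it, tweet link + hashtag."""
    handle = daily_handle(day)
    url = f"https://github.example/{handle}/pic.png"
    stego = embed_lsb(COVER, xor_bytes(command.encode(), key.encode()))
    tweet = f"nice photo {url} #{key}"
    return {"twitter": {handle: tweet}, "github": {url: stego}}

def implant_fetch(day: date, twitter: dict, github: dict):
    """Implant: visit today's handle; if there is a tasking tweet, follow the
    link, pull the hidden bytes out of the image and decode the command."""
    tweet = twitter.get(daily_handle(day))
    if tweet is None:
        return None            # no tasking today: stay silent, try tomorrow
    parsed = parse_tweet(tweet)
    if parsed is None:
        return None
    url, tag = parsed
    blob = github.get(url)
    if blob is None:
        return None
    # Assumption of this example: the hashtag doubles as the decoding key.
    return xor_bytes(extract_lsb(blob), tag.encode()).decode()

def run_demo() -> tuple:
    """Tasking posted for one day is retrieved that day and absent the next."""
    day, nxt = date(2015, 7, 29), date(2015, 7, 30)
    feeds = build_operator_side(day, "whoami", "k3y")
    return (implant_fetch(day, feeds["twitter"], feeds["github"]),
            implant_fetch(nxt, feeds["twitter"], feeds["github"]))

if __name__ == "__main__":
    print(run_demo())   # ('whoami', None)
```

The point of the simulation for a defender is what is absent: no attacker-owned domain, no fixed account, and on most days nothing but an HTTPS request to Twitter for a handle that may not even exist, followed by an image download from GitHub. Hunting for this class of tradecraft therefore means looking at which processes talk to those services and how regularly, rather than waiting for a known-bad indicator.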

According to FireEye, APT29 has shown a strong ability to adapt to network defense measures and hide its activity from them, including by aggressively monitoring network defenders and forensic investigators and attempting to subvert their work. FireEye said the cyberspies' discipline in operational security sets this group apart even from other Russian APT groups.

"The novel approach APT29 takes to carry out its attacks and maintain their persistence in networks represents a level of difficulty that security professionals could see trickle down into their own network security operations," said Laura Galante, Director of Threat Intelligence at FireEye. "As we continue to track APT29, we will be able to bring more intelligence to light that will help our customers improve their defenses against advanced attacks."

This Is Pretty Clever

We caught up with Ken Westin, a senior security analyst for advanced threat detection firm Tripwire, to get his thoughts on the breakout. He told us he has been noting the potential for this "Hammertoss" cyber-espionage scenario...