Malware Hiding in Britney Spears’ Instagram and Where Else?

The Turla hacker group is up to its old tricks, but with an interesting new twist. Now, the group is using Britney Spears' Instagram account to cover its tracks.

The new tactic could make it more difficult for organizations to defend themselves against such attacks and for investigators to collect evidence after the fact.

Watering Hole Attack

The Turla group has been around for years, using a collection of hacking tools that are thought to have been developed by Russian intelligence agencies. The group mostly focuses on attacking governments, government officials, and diplomats, often using a technique known as a "watering hole" attack.

In a watering hole attack, the hacker doesn't attack the primary target directly. Instead, the technique relies on compromising a Web site that the target is likely to visit, similar to the way a lion might stalk a watering hole waiting for its prey to arrive. Turla is primarily interested in staking out embassy Web sites to trap its targets.

Once the intended victim accesses the compromised Web site, the hacker then attempts to redirect the individual to the hacker's own command and control (C&C) infrastructure.

Turla has been doing this by inserting a snippet of JavaScript code into the watering hole Web site. Now, however, the group is using a technique that masks what the code is doing by making it appear as though the code is part of a legitimate service, such as Clicky, which provides real-time Web analytics.

But instead of accessing the tool mentioned in the code, it redirects the user to a C&C server, which then installs a fingerprinting script on the victim's machine. A fingerprinting script is used to gather system information and send it back to the attacker's C&C. It may also install a "super cookie" on the victim's machine to...
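For site owners auditing their own pages, the masquerade described above can be checked mechanically: a script tag that labels itself as an analytics service should load from that service's hosts. The following is an added example, not code from the article or from Turla's tooling; the allowlist entry, the function names and the sample page are assumptions constructed for illustration.

```javascript
// ASSUMPTION: illustrative allowlist of hosts each analytics brand loads from.
const ANALYTICS_HOSTS = { clicky: ["getclicky.com"] };

// Constructed sample page: one genuine-looking tag and two lookalikes.
const SAMPLE_HTML = `
<html><head>
<script src="//static.getclicky.com/js"></script>
<script>var clicky_site_ids = [100000];</script>
<!-- Clicky Web Analytics -->
<script async src="https://cdn.stats.example.net/js/counter.js"></script>
<script src="https://static.getclicky.com.example.org/js"></script>
<script src="/assets/site.js"></script>
</head></html>`;

// True only for the allowed domain itself or a real subdomain of it,
// so "getclicky.com.example.org" does not pass as "getclicky.com".
function hostAllowed(host, allowed) {
  return allowed.some((d) => host === d || host.endsWith("." + d));
}

// Returns script tags that mention a brand (in the URL or in the HTML
// comment directly before the tag) but load from a host outside its allowlist.
function findLookalikeScripts(html, pageUrl) {
  const findings = [];
  const tagRe = /(?:<!--([^>]*)-->\s*)?<script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    let url;
    try {
      url = new URL(m[2], pageUrl); // resolves relative and // URLs
    } catch {
      continue; // unparsable src: nothing to compare
    }
    const context = ((m[1] || "") + " " + url.href).toLowerCase();
    for (const [brand, allowed] of Object.entries(ANALYTICS_HOSTS)) {
      if (context.includes(brand) && !hostAllowed(url.hostname, allowed)) {
        findings.push({ brand, host: url.hostname, src: url.href });
      }
    }
  }
  return findings;
}

for (const f of findLookalikeScripts(SAMPLE_HTML, "https://www.embassy.example/")) {
  console.log(`claims ${f.brand}, loads from ${f.host}: ${f.src}`);
}
```

A finding is a lead for review, not proof of compromise; compare it against the page's last known-good version.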
