Russian Hackers Use Twitter To Hack U.S. Targets

If your company has been seeing an unusual amount of traffic to Twitter lately, you may be in for a shock. A hacking group suspected of being backed by the Russian government has been using the micro-blogging platform to control malware inside U.S. computer networks, according to a new report by computer security firm FireEye.

The hacking group is what is known as an advanced persistent threat and has been classified as APT29. Using a combination of techniques, including an algorithm that generates a new Twitter handle each day and commands hidden inside image files, APT29 has built a particularly effective piece of stealthy malware that FireEye has dubbed Hammertoss.

Novel Approach

APT29 tries to avoid detection of the malware by adding layers of obfuscation and mimicking the behavior of legitimate users, according to the security firm. Hammertoss uses Twitter, GitHub, and cloud storage services to relay commands and exfiltrate data from compromised networks. Because that traffic blends in with ordinary use of popular services, the combination of tactics makes the group particularly difficult to stop.

"The novel approach APT29 takes to carry out its attacks and maintain their persistence in networks represents a level of difficulty that security professionals could see trickle down into their own network security operations," said Laura Galante, director of threat intelligence at FireEye.

FireEye said it first saw evidence of APT29 last year, with the Hammertoss malware appearing earlier this year. The group has demonstrated the ability to adapt to, and obfuscate its activities from, network defense measures -- including aggressively monitoring network defenders and/or forensic investigators and attempting to subvert them. The group's discipline in operational security sets it apart even from other Russian APT groups, FireEye said.

Moscow's Fingerprints

Hammertoss works by retrieving its commands from Twitter, which serves as its command and control (CnC) channel. Once a system has been infected with Hammertoss, the malware is programmed to visit a different...
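The daily-handle mechanism described above and in the opening paragraphs is worth seeing from the defender's side. The Python below is an added example, not code from FireEye's report or from the malware: it models a date-seeded handle generator and shows how, once the generator and its secret have been recovered from a sample, a defender can precompute the handles for the coming days and hunt for them in proxy logs. The generation scheme (HMAC-SHA256 keyed with a shared secret over the ISO date), the secret, the dates, the log format and the log lines are all constructed for the example; the page does not describe Hammertoss's real algorithm.

```python
import hashlib
import hmac
import re
from datetime import date, timedelta

# Twitter handles allow letters, digits and underscore; the toy generator
# uses lowercase letters and digits only.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def daily_handle(secret: bytes, day: date, length: int = 10) -> str:
    """Return the handle the implant would look up on `day`.

    Assumed scheme (not Hammertoss's real one): HMAC-SHA256 over the ISO
    date, keyed with a secret shared by implant and operator, mapped onto
    ALPHABET. Because the handle changes every day, blocking any single
    account achieves nothing; the generator itself is the stable indicator.
    """
    mac = hmac.new(secret, day.isoformat().encode(), hashlib.sha256).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in mac[:length])


def handle_watchlist(secret: bytes, start: date, days: int) -> dict:
    """Defender's side: with the generator and secret recovered from a
    sample, precompute the handles for the next `days` days so they can be
    sinkholed, blocked at the proxy, or used as alert terms."""
    return {
        daily_handle(secret, start + timedelta(days=i)): start + timedelta(days=i)
        for i in range(days)
    }


# Constructed proxy log lines for the example (not real traffic).
# Assumed format: "<client> <date> GET <url>".
SECRET = b"example-shared-secret"   # assumption: recovered from a sample
START = date(2015, 7, 1)            # assumption: first day of the hunt window
LOG_LINES = [
    f"ws-17 2015-07-01 GET https://twitter.com/{daily_handle(SECRET, START)}",
    "ws-03 2015-07-01 GET https://twitter.com/fireeye",
    f"ws-17 2015-07-02 GET https://twitter.com/{daily_handle(SECRET, START + timedelta(days=1))}",
    # Watchlisted handle requested on the wrong day: not the implant's
    # normal check-in, but still worth a look (replay, clock skew, analyst).
    f"ws-22 2015-07-09 GET https://twitter.com/{daily_handle(SECRET, START)}",
]

LOG_RE = re.compile(r"^(\S+) (\d{4}-\d{2}-\d{2}) GET https://twitter\.com/([A-Za-z0-9_]+)$")


def flag_beacons(lines, secret: bytes, start: date, days: int) -> list:
    """Return (client, date, handle, on_schedule) for every request to a
    watchlisted handle. on_schedule is True when the request date is the
    day the generator assigns that handle, i.e. the implant's expected
    daily check-in; an off-schedule hit is reported but marked as such."""
    watch = handle_watchlist(secret, start, days)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, day_str, handle = m.groups()
        if handle in watch:
            hits.append((client, day_str, handle, watch[handle].isoformat() == day_str))
    return hits


if __name__ == "__main__":
    for client, day_str, handle, on_schedule in flag_beacons(LOG_LINES, SECRET, START, 7):
        print(f"{client} {day_str} {handle} {'on-schedule' if on_schedule else 'OFF-schedule'}")
```

The date check in `flag_beacons` is the part that matters in practice: a handle from the watchlist seen on its assigned day is the implant doing exactly what the article describes, while the same handle on another day is a different signal and should be triaged separately rather than merged into the same alert.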
