SoylentNews is people

posted by n1 on Friday June 09 2017, @01:44AM
from the toxic-communications dept.

Turla is an "advanced persistent threat" hacking group based in Russia with a long history of attacking states in ways that advance Russian state interests -- suggesting that they are either a part of the Russian espionage system, or contracting to it.

A new analysis by Eset shows that Turla is solving its C&C problems by using Britney Spears' Instagram account as a cut-out for its C&C servers. Turla moves the C&C server around, then hides the current address of the server in encrypted comments left on Britney Spears's image posts. The compromised systems check in with Spears's Instagram whenever they need to know where the C&C server is currently residing.

Source: BoingBoing

Turla faces another devastating disclosure, a report that Turla exploited gaps in the security model of satellite TV and internet systems to make it possible for compromised computers to contact the C&C servers without revealing their locations.

Satellite internet services that are delivered over DVB-S satellite TV links use unencrypted links: users send data to the satellites through normal internet links, without encryption, that terminate in satellite ground-stations that uplink to the space-based units. The satellites then beam down their communications (again, without encryption) to a region whose footprint has a radius of 600 miles.

Turla intercepted communications destined for the satellite base stations (called "teleport points") and injected their own data into the streams. The satellites retransmitted this data to a 600 square-mile radius zone. The addressee of the data ignored it, because it had a nonsense port-number associated with it. But Turla was able to receive this data and act on it.

Source: BoingBoing


The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Friday June 09 2017, @04:43PM (#523145)

    Except this time it is a win for the malware authors or a win for the rest of the world. I mean, either their message infrastructure is bullet-proof or we no longer have to put up with Britney Spears' Instagram account.