| Title | Russian Malware uses Pop Star's Instagram Comments |
| Date | Friday June 09 2017, @01:44AM |
| Author | n1 |
| from the toxic-communications dept. |
Turla is an "advanced persistent threat" hacking group based in Russia with a long history of attacking states in ways that advance Russian state interests -- suggesting that they are either a part of the Russian espionage system, or contracting to it.
A new analysis by Eset shows that Turla is solving its C&C problems by using Britney Spears' Instagram account as a cut-out for its C&C servers. Turla moves the C&C server around, then hides the current address of the server in encrypted comments left on Britney Spears's image posts. The compromised systems check in with Spears's Instagram whenever they need to know where the C&C server is currently residing.
Source: BoingBoing
Turla faces another devastating disclosure, a report that Turla exploited gaps in the security model of satellite TV and internet systems to make it possible for compromised computers to contact the C&C servers without revealing their locations.
Satellite internet services that are delivered over DVB-S satellite TV links use unencrypted links: users send data to the satellites through normal internet links, without encryption, that terminate in satellite ground-stations that uplink to the space-based units. The satellites then beam down their communications (again, without encryption) to a region whose footprint has a radius of 600 miles.
Turla intercepted communications destined for the satellite base stations (called "teleport points") and injected their own data into the streams. The satellites retransmitted this data to a 600 square-mile radius zone. The addressee of the data ignored it, because it had a nonsense port-number associated with it. But Turla was able to receive this data and act on it.
Source: BoingBoing
printed from SoylentNews, Russian Malware uses Pop Star's Instagram Comments on 2023-06-14 02:55:02