New Hammertoss Espionage Tool Tied to MiniDuke Gang

Status
Not open for further replies.
LabZero

Thread author
The espionage gang behind the MiniDuke backdoor uncovered by Kaspersky Lab and CrySyS Lab in 2013 has surfaced again with a new backdoor and attack platform that is used sparingly against only high-value targets.

The new data theft tool, called Hammertoss, is a study not only in espionage capabilities, but also stealth and targeting. It’s been found so far only on one organization’s network, and has been linked to a Russian group dubbed APT29 by researchers at FireEye.

Once APT29 has access to a target network and deems it worthy, it deploys Hammertoss, which communicates through URLs seeded in social media accounts—Twitter in particular—and makes use of steganography in images stored on GitHub or compromised websites to retrieve encrypted instructions.
