Russian hackers have been found using the microblogging site Twitter to conceal their intrusions. APT29, a group of Russian hackers, is suspected to be behind a series of data breaches that involve fake Twitter handles. The hackers target governments of other countries that have relations with Russia. The attacks are being carried out by a system called 'Hammertoss'.
According to a Fusion.net article on the matter, Hammertoss contains malware that needs to attack its target's command systems, both internal and external, to carry out the infection the way APT29 wants. Hammertoss looks for handles made by APT29. The handles are disguised as Twitter links. Once a link has been found, a direct connection to the target is made, which allows the attack to happen. If Hammertoss does not find APT29 links on Twitter, it continues scouring the site until it finds one. The system will subsequently infect it.
The system creates links in the form of image files and promotional tweets, using curious hashtags. Some posts are a dead giveaway of the attack, with Hammertoss included in the filenames and links. The accounts used to spread the links are bogus accounts that usually have no display image apart from the default. The image files carry encrypted data, which activates malware on the infected computer and allows information to be extracted from it. APT29 then deletes the tweet, and even the account, after the post has been clicked.
California-based security company FireEye discovered the hackers' operation on Twitter and has released a report on its findings. The report cited another hack called MiniDuke, which similarly uses the microblogging site to propagate encrypted files and infect computers.
Hacking incidents have made news during the past few months, following the much-talked-about data breach at Hacking Team. A hacker who claimed responsibility for it also used Twitter to mislead authorities, who later ruled the incident a possible inside job.