Russian-based hackers are using malicious software hidden in Twitter images to pass on commands and steal information from US computer networks, security experts reported this week.
A study from the security firm FireEye analyzed stealth methods used by hacker groups considered to be backed by the Russian government.
“Using a variety of techniques – from creating an algorithm that generates daily Twitter handles to embedding pictures with commands – the developers… have devised a particularly effective tool,” FireEye said in the report released Wednesday.
Security analysts have previously linked Russian-based hacker groups to attempts to enter computer networks at the White House and elsewhere.
FireEye reported that this group, dubbed APT29, is probably sponsored by the Russian government. It has been active since at least late 2014, according to the researchers.
The report said this attack tool, referred to as “Hammertoss,” generates and looks for a unique Twitter account each day and tries to blend in with normal traffic on the messaging platform.
Inside images posted in tweets, the attackers insert malicious code that allows them to grab data from, or gain access to, the computers that retrieve the images.
“While the image appears normal, it actually contains steganographic data,” FireEye said, steganography being the practice of concealing a message, image or file within another message.
The method “undermines network defenders’ ability to identify Twitter accounts used for (attacks), discern malicious network traffic from legitimate activity and locate the malicious payloads downloaded by the malware,” the report said.
“This makes Hammertoss a powerful backdoor at the disposal of one of the most capable threat groups we have observed.”
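The report quoted above does not say how Hammertoss hides its data inside an image, and steganography covers many methods. One of the simplest hiding places, and one a defender can check for cheaply, is data appended after the point where the image format says the file ends. The following script is an added example, not code from FireEye or from the report; it walks a PNG chunk by chunk, validates each chunk's CRC, and reports any bytes that sit after the IEND chunk. The assumptions are that the payload is a trailing append and that the file is a PNG; least-significant-bit embedding or data hidden inside a valid chunk would not be caught by this check. The sample image and payload are constructed inline so the script runs offline.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: length, type, body, CRC32 over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_minimal_png() -> bytes:
    """Constructed 1x1 black RGB PNG used as the clean sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, RGB
    scanline = b"\x00" + b"\x00\x00\x00"                  # filter 0 + one pixel
    idat = zlib.compress(scanline)
    return (PNG_SIGNATURE
            + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", idat)
            + _chunk(b"IEND", b""))


def png_trailing_data(data: bytes) -> bytes:
    """Return every byte that follows the IEND chunk of a PNG.

    Each chunk's CRC is verified so that a file whose chunk table has been
    tampered with is reported as malformed rather than silently walked.
    Raises ValueError if the input is not a well-formed PNG.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + body + 4 crc
        if end > len(data):
            raise ValueError("truncated chunk %r" % ctype)
        body = data[pos + 8:pos + 8 + length]
        stored_crc = struct.unpack(">I", data[pos + 8 + length:end])[0]
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != stored_crc:
            raise ValueError("CRC mismatch in chunk %r" % ctype)
        pos = end
        if ctype == b"IEND":
            return data[pos:]
    raise ValueError("no IEND chunk found")


def inspect_png(data: bytes) -> dict:
    """Summarise a PNG for triage: how much trailing data, and whether to flag it."""
    trailing = png_trailing_data(data)
    return {
        "trailing_bytes": len(trailing),
        "flagged": len(trailing) > 0,
    }


if __name__ == "__main__":
    clean = build_minimal_png()
    # Constructed sample payload appended after IEND; stands in for hidden data.
    tampered = clean + b"CONSTRUCTED-PAYLOAD-PLACEHOLDER"
    print("clean   :", inspect_png(clean))
    print("tampered:", inspect_png(tampered))
```

Run against a directory of images fetched by a proxy or sandbox, any non-zero trailing byte count is worth a closer look; legitimate image tooling has no reason to write past IEND. Because the check only inspects file structure and never decodes or executes the trailing bytes, it is safe to run on untrusted samples.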