Russian hackers have figured out a way to use Twitter to communicate with malware that’s infected target computers, allowing them to cover their tracks while making their way into confidential government computer systems.
The hackers upload special images to the social media site that stealthily transmit directions to installed malware that can then steal files or other unwanted actions, reported the Financial Times. The advantage of this approach is that targeted computer systems don’t register the intrusion. It looks like just another Tweet.
The cybersecurity firm FireEye (FEYE) released a report on the trick and labeled it “Hammertoss.” The attack method was “designed so that defenders can neither detect nor characterize its activity,” wrote FireEye, which says there’s a “high” chance that Russian hackers are behind Hammertoss.
“The weaponization of social media is a growing threat,” Stuart Poole-Robb, chief executive of the business intelligence group KCS, told the FT. “It’s an easy way of passing information to malware that’s hard to detect.”
Read more at the Financial Times (paywall).