Russian Hackers Used Twitter, Photos to Reach US Computers: Reports

Advertisement
By Reuters | Updated: 29 July 2015 18:57 IST
Russian government-backed hackers who penetrated high-profile US government and defence industry computers this year used a method combining Twitter with data hidden in seemingly benign photographs, according to experts studying the campaign.

In a public report Wednesday, researchers at security company FireEye Inc said the group used the unusual tandem as a means of communicating with previously infected computers. FireEye has briefed law enforcement on what it found.

The technique, uncovered during a FireEye investigation at an unnamed victim organization, shows how government-backed hackers can shift tactics on the fly after they are discovered.

Advertisement

"It's striking how many layers of obfuscation that the group adopts," said FireEye Strategic Analysis Manager Jennifer Weedon. "These groups are innovating and becoming more creative."

The machines were given an algorithm for checking a different Twitter account every day. If a human agent registered that account and tweeted a certain message, instructions for a series of actions by the computer would be activated.

Advertisement

The tweeted information included a website address, a number and a handful of letters. The computer would go to the website and look for a photo of at least the size indicated by the number, while the letters were part of a key for decoding the instructions in a message hidden within the data used to display the picture on the website.

Weedon said the communication method might have been a failsafe in case other channels were discovered and cut. Vikram Thakur, a senior manager at Symantec Corp, said his team had also found Twitter controls combined with hidden data in photos, a technique known as steganography.

Advertisement

FireEye identified the campaign as the work of a group it has been internally calling APT29, for advanced persistent threat. In April, it said another Russian-government supported group, APT28, had used a previously unknown flaws in Adobe Systems Inc.'s Flash software to infect high-value targets.

Other security firms use different names for the same or allied groups. Symantec recently reported another data-stealing tool used in tandem with the steganography, which it calls Seaduke. Thakur said both tools were employed by the group it knows as the Duke family.

Advertisement

Thakur said another tool in that kit is CozyDuke, which Russian firm Kaspersky Lab says is associated with recent breaches at the State Department and the White House.

© Thomson Reuters 2015

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Adobe, Internet, Kaspersky, Russia, Symantec, Twitter
Advertisement

Related Stories

Popular Mobile Brands
  1. Apple Back to School Sale: Grab These Deals on MacBook, iPad Models
  1. Google Rebrands NotebookLM as Gemini Notebook; Brings Cloud Computing and Search Integration
  2. Samsung Music Studio 5, Music Studio 7 Wi-Fi Speakers Launched in India
  3. Ostium Suspends Trading Following Oracle Security Incident Drains Millions
  4. Oppo’s New A Series, Upcoming OnePlus Mid-Range Smartphones Tipped to Launch With 10,000mAh Batteries
  5. WhatsApp Reportedly Rolls Out Mic Mode Controls for iPhone Calls
  6. Former Rockstar Games Developer Explains Why GTA 6 Maker Launches Games on PC After Consoles
  7. Samsung Galaxy Tab S12 Ultra CAD Renders Leaked Online; Reveals Familiar Look
  8. Apple Back to School Sale Now Live in India, Bringing Offers on MacBook Air, iPad Pro and More
  9. Realme Could Replace Realme UI With ColorOS 17 in India: Report
  10. Nubia NaviX Ultra Design, Colour Options Unveiled Ahead of July 17 Launch
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.