Russian Cyber-Espionage Group Controlled Its Malware Partly Through Reddit Posts

"Cyber-espionage operations from Cozy Bear, a threat actor believed to work for the Russian government, continued undetected for years by using malware families previously unknown to security researchers," reports BleepingComputer -- citing a surprisingly detailed report: Relying on stealthy communication techniques between infected systems and the command and control servers, the group managed to keep their activity under the radar for a long time. Cyber-espionage campaigns that likely started in 2013, collectively named "Operation Ghost," have been attributed to this group, and continued through 2019...

Researchers at ESET tracking this threat actor found at least three victims of Operation Ghost, all being European Ministries of Foreign Affairs including the Washington DC embassy of a European Union country. The victim count is likely larger but identifying them is difficult because the threat actor uses unique command and control infrastructure for each target.

The report notes the group used sites like Reddit, Twitter, and Imgur to deliver the URLs for some command-and-control servers, along with information hidden in images. And another stage of its malware platform used an even more robust site for its command-and-control server: Dropbox.
  • by Ungrounded Lightning ( 62228 ) on Saturday October 19, 2019 @02:16PM (#59325312) Journal

    So now you know what those strange bot-generated off-topic Slashdot postings were about. ;-)

  • Something's wrong with the news... we stopped covering ourselves and started covering Russia, China, Ukraine, and Turkey. Jimmy Kimmel complained about this last week.

    Now look what happened to Slashdot: instead of innovations being reported, we've got reports on the hackers of the world who are from the nations that are accused of biasing American voters in 2016's election, and it seems these breaches went unreported for years, going back far enough to include 2016.

    Instead of patch of the day, we've got the inte

    • by AHuxley ( 892839 )
      Re: "Something's wrong with the news"
      In the past we would have to wait 40 years to read about Soviet and Russian methods to protect CIA, NSA and GCHQ methods of detection.
      Some author would seek and get permission to hint at some project 30-40 years later in a book.
      Now we are reading about how some security services detect Russian methods in real time?
      The amazing cyber story about "Russia bad" is all so good for NATO, the EU, the US until the part about who found the "MiniDuke implant" ... in 2013...
    • by rtb61 ( 674572 )

      We do not have reports, we have ideological beliefs, what everyone used to call lies. The US government wants to make a claim about anything? Prove it in court.

      Seriously, what has everyone forgotten? Governments did not provide us courts; the people had to fight and die for those courts, and the reason why we have courts is because we no longer believed the government. The government wants to say something, anything: facts and facts only. If it cannot prove it in court, the government should shut the fuck up.

      The people dem

  • Told y'all Reddit was internet cancer.
  • "Russian Cyber-Espionage Group Controlled Its Malware Partly Through Reddit Posts" honestly. damn genius. I actually want to set up a php scraping cron job to look at external websites and try this. great idea. could do a good dead man's switch this way. if not "@reddit; my greencat is hungry for beetles again today" then destroy or release files. damn brilliant. and of course it could be looking for a list of preapproved phrases in a text file, any one of which could be an instruction for somethin
