
Russian hackers are testing malware on Britney’s Instagram

It’s international cyber espionage, bitch

Instagram isn’t just for pretending you have a more satisfying life than you do, stalking people back to 94 weeks ago and slime videos. There’s cyber espionage curated via IG to think about too! A Russia-based hacking collective known for cyber espionage and attacking governments is using the comment section of Britney Spears’ Instagram to communicate with each other, and to test out and control malware. Oops! Russia did it again...

Security researchers at ESET found that the group, known as Turla, had created a backdoor Trojan. Using an infected Firefox extension, the hackers easily access a targeted computer to trace its user’s web activity, passwords and personal data. They’re hiding encrypted codes in Instagram comment sections, like Brit’s, which the malware then uses to contact its command and control (C&C) servers, which send instructions and hoard this stolen data. The ESET report says the malware would search and connect with comments that had a hash with the value 183. TLDR: these little comments mean hackers can navigate viruses and cyber attacks in plain sight, with slim chances of having their bigger scam caught out.

The highlighted comment looks just like another thirsty fan really, among thousands and thousands of others on the singer’s page, followed by 16.9 million users. As Gizmodo details, once this is found by the malware, it creates a link that goes to a ‘watering hole’ – a compromised site to trap targets. Doing things this way means the controllers can change where it meets up with the malware without having to change the malware itself. You can read a more comprehensive explanation of this in a detailed report here.

Turla is, according to Bleeping Computer, an “advanced persistent threat” hacking group known for attacks that help out the Russian state. It’s thought it could be an offshoot of Russian state cyber intelligence.

Though the compromised extension was quite basic and accessed only 17 times, ESET says it would be sufficient for some serious cyber attacks. The security researchers have been in contact with Firefox, who are working to disable the extension.

While Brit remains pure and good, Russian hackers? Not that innocent.