Recent News - Turla’s New Campaign Uses Instagram To Spy on Its Targets


2017-06-06

Turla Espionage Group, infamous for targeting governments, their officials and diplomats since at least 2007, has added a new campaign to its arsenal. According to ESET, the latest watering hole tactic includes an updated Firefox Extension abusing the popular social network – Instagram.

As usual, Turla’s watering hole attacks compromise websites that are likely to be visited by their targets of interest in order to redirect them to their Command and Control (C&C) infrastructure. When monitoring recent campaigns, ESET reserachers spotted a previously documented Firefox extension dropped. Unlike the previous version, the extension uses a bit.ly URL to reach its C&C. However, the URL path is nowhere to be found in the Firefox extensions, but instead obtained by using comments posted on a specific Instagram post. An analyzed example was a post made on Britney Spears Instagram account.

To obtain the bit.ly URL, the extension screens each photo’s comments,  for each comment it computes it has a custom hash value. If the hash value matches the number, it will then run the regular expression on the comment in order to obtain the URL path. 

“The fact that Turla is using social media to recover C&C addresses is making life harder for cybersecurity vendors as the tactic makes it difficult to distinguish malicious traffic from legitimate traffic to social media,” explains Jean-Ian Boutin, Senior Malware Reseracher at ESET. “As the information needed to obtain the command and control URL is simply a comment on social media, the attacker has the possibility to easily modify it or completely erase it.” 

To avoid being drawn into such watering hole campaign, ESET reserachers recommend as a good practice - keeping browsers and browsers’ plugins up-to-date. Another principle worth adopting is to avoid downloading and installing any extensions/add-ons coming from illegitimate sources. Luckily, cybersecurity solutions are able to detect suspicious looking websites and warn users, so it is always good to have one active and up to date.

To read the entire analysis on Turla’s new watering hole campaign: Turla’s watering hole campaign: Updated Firefox Extension abusing Instagram, please visit WeLiveSecurity.com
 
 

 

About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organisations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

ESET recently updated its two-factor authentication (2FA) application, adding a secure validation to weak and static user passwords. This updated version of ESET’s 2FA application provides flexibility and deeper integration of 2FA into bespoke applications, making it the best cost-effective solutions for SMBs everywhere.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. For more information visit http://eset.version-2.sg/ or follow us on Facebook.

 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. Headquartered in Hong Kong, the Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

For more information, please visit www.version-2.com.sg or call (65) 6296-4268.

Previous News Next News

Return to the previous page