Those following the perpetual saga of Russian hacking know about Turla, a group that loves mounting attacks on countries and other jurisdictions in a way that benefits the homeland. They could be official Russian spooks, contractors to the FSB or just (as Vladimir Putin put it) independent “patriots” who are just trying to help out their country.
According to a new report published by Eset, an antivirus research company, a strain of Turla’s malware “used comments posted to Britney Spears’s official Instagram account to locate the control server that sends instructions and offloads stolen data to and from infected computers.”
Ars Technica explains:
Eset said researchers discovered a Firefox browser extension that masqueraded as a security feature. Behind the scenes, it provided the means for outside parties to seize complete control of an infected computer. To remain stealthy, the extension used programming tricks—including regular expressions and the calculation of cryptographic hashes—to find the control server where the data was to be sent.
To paraphrase a line from Dennis Farina in Snatch, one of my favourite movies of all time, about Boris the Blade/Bullet Dodger: “Sneaky f*kin’ Russians.” (Thanks to Michael for the link.)