Hammertoss Malware Hides in GitHub, Twitter, Cloud Traffic

Security vendor FireEye has identified a new malware backdoor called Hammertoss which is able to hide in network traffic streams related to GitHub, Twitter and cloud computing services. This ability to blend into legitimate network traffic makes the malicious communications very difficult to spot.

The researchers at FireEye believe a Russian advanced persistent threat (APT) group known as APT29 is behind Hammertoss. The group uses the malware to steal files and upload them to its own cloud storage accounts.

“While other APT groups try to cover their tracks, very few groups show the same discipline to thwart investigators and the ability to adapt to network defenders’ countermeasures,” FireEye said. “For example, APT29 solely uses compromised servers for CnC, counters remediation attempts, and maintains a rapid development cycle for its malware by quickly modifying tools to undermine detection. These aspects make APT29 one of the most capable APT groups that we track.”
