Cyber threat groups frequently design innovative ways to cover their tracks. In early 2015, a new piece of malware, which analysts are calling HAMMERTOSS, emerged from an advanced persistent threat (APT) group. HAMMERTOSS works in five stages, from looking for a Twitter handle to executing commands, including uploading a victim’s data to cloud storage services.
The Russian attacker group that FireEye knows as APT29 employs HAMMERTOSS to compromise its targets. Using a variety of techniques, from creating an algorithm that generates daily Twitter handles to embedding pictures with commands, the developers behind HAMMERTOSS have devised a particularly effective tool. HAMMERTOSS uses Twitter, GitHub, and cloud storage services to relay commands and extract data from compromised networks.
Watch this insightful on-demand webinar from FireEye's Threat Intelligence Analysts discussing:
Who APT29 is - their history, targets and methodology
Critical insights on HAMMERTOSS and APT29