HAMMERTOSS: Stealthy tactics define a Russian cyber threat group
The Russian cyber threat groups that we monitor frequently design innovative ways to cover their tracks. In early 2015, we came across stealthy malware—which we call HAMMERTOSS—from an advanced persistent threat group that we suspect the Russian government sponsors. We designate this group APT29.
Using a variety of techniques—from creating an algorithm that generates daily Twitter handles to embedding pictures with commands—the developers behind HAMMERTOSS have devised a particularly effective tool. APT29 tries to undermine the detection of the malware by adding layers of obfuscation and mimicking the behavior of legitimate users.
HAMMERTOSS uses Twitter, GitHub, and cloud storage services to relay commands to infected hosts and to exfiltrate data from compromised networks.
This report details our threat intelligence analysis of the history, targets, and methodology of APT29, the Russian group that created the elusive HAMMERTOSS backdoor.