Russian hackers are at it again, this time tapping Britney Spears's Instagram account to post coded messages as part of a complex malware operation.
According to Slovakian cybersecurity firm ESET, Spears's Instagram contained coded messages linked to a server run by the Turla hacker group.
Russian Hackers Used Britney Spears's Instagram Account
As ESET points out, a Russian hacker group known for spying on diplomats, governments, military bases, and what-not has inserted a sophisticated backdoor Trojan to conduct its operation on the popular social media site Instagram. More specifically, the hackers tapped Spears's Instagram account to use it as an inconspicuous Turla command center of sorts. On the bright side, it seems the hijacked account did not target users.
ESET refers to this type of hack as a "watering hole" attack, which employs various techniques to direct victims to the hackers' command and control (C&C) infrastructure. The cybersecurity firm notes that such watering hole attacks have been making the rounds for at least three years now, with only slight variations in the modus operandi.
Hiding The C&C Server
In this case, the hackers posted comments on Spears's Instagram posts, linking to a central server that transmitted instructions and moved stolen data between malware-ridden computers.
Typically, it doesn't take long for hacking operations to hit a wall once their C&C server is found, but in this case the hackers used Spears's Instagram account to mask their operation. In other words, Spears's Instagram basically served as a relay system, shielding the attackers and making the C&C server harder to find.
The posted messages didn't seem to make any sense, but they were coded strings of characters from which the malware built a link to the hackers' C&C server. Should someone find the location of that server, new links pointing to a replacement server would immediately surface.
"The websites' visitors will be redirected to a malicious server because of a snippet — inserted by the attacker — appended to the original page," ESET explains.
Why Instagram?
In this internet age, Instagram is one of the most popular social media sites and it's close to hitting the 1-billion-users milestone. The site sees a whopping amount of traffic each day, with a slew of posts from all over the world. Amid the sea of harmless posts that surface each day, these tricky comments from Russian hackers mostly went unnoticed. They did not target users, but instructed Russian malware on how to reach its controllers.
Britney Spears has roughly 17 million followers on Instagram and when a post got thousands of comments, a coded message could easily hide without drawing too much attention. One of these messages, for instance, appeared on one of Spears's photos that had more than 2,000 other comments. The coded comment was "#2hot make loved to her, uupss #Hot #X" and has since vanished from the comments thread on the respective photo.
ESET stumbled upon this operation back in February and speculates that it may be part of a set of tests for another operation. For more technical details regarding Russian hackers' use of Britney Spears's Instagram account, as well as more general details regarding their operation, check out ESET's report.