Spying On Political Targets? Russian Hackers Modify Browsers To Track Secure Traffic

A group of Russian hackers known as Turla is behind a new malware that compromises encrypted communications. Security experts think the group modifies Chrome and Firefox to do surveillance work. Simon Steinberger | Pixabay

Hackers tend to stay away from websites that use HTTPS. HTTPS helps secure web traffic and prevents cybercriminals from interfering with data transmitted between the site and the browser.

Malware Compromises Encrypted Communications

A group of hackers, however, is apparently not deterred by these supposed security measures. In a blog post published on Oct. 3, cybersecurity firm Kaspersky reported that in April 2019, it discovered a new malware that compromises encrypted communications.

It identified the Russian hacking group Turla as the actor behind these attempts, which involve modifying browsers such as Chrome and Firefox to fingerprint TLS-encrypted web traffic.

The hackers reportedly first infect systems with a remote access trojan, which they use to modify locally installed browsers. They start by installing their own certificates to intercept TLS traffic from the host and then patch the pseudo-random number generation used when negotiating TLS connections.

The modification essentially allows the hackers to "fingerprint" their victims regardless of the use of HTTPS, which in turn allows them to passively track encrypted web traffic.
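A defender-side check for the handshake tampering described above, added here as an example and not taken from Kaspersky's report or the malware: it parses the client random out of captured ClientHello records and flags a host whose values share constant bytes across handshakes. The function names, the marker bytes and the assumption that a patched generator leaves fixed byte positions are illustrative; the article does not describe the actual marker format.

```python
import hashlib
import struct

def client_random(record: bytes) -> bytes:
    """Return the 32-byte random field of a raw TLS ClientHello record."""
    if len(record) < 43:
        raise ValueError("too short for a ClientHello")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:                      # 22 = handshake record
        raise ValueError("not a handshake record")
    if len(record) < 5 + rec_len:
        raise ValueError("truncated record")
    if record[5] != 1:                          # 1 = client_hello message
        raise ValueError("not a ClientHello")
    # record header (5) + msg type (1) + msg length (3) + client_version (2)
    return record[11:43]

def constant_positions(randoms, skip=4):
    """Offsets >= skip whose byte is identical in every sample.
    The first 4 bytes are skipped: legacy clients put a timestamp there."""
    if len(randoms) < 4:
        raise ValueError("need at least 4 handshakes from the same host")
    return [i for i in range(skip, 32) if len({r[i] for r in randoms}) == 1]

def looks_tampered(records, threshold=2):
    """True if the host's client randoms share >= threshold fixed bytes.
    For an honest generator a single fixed byte over 4 samples has
    probability 256**-3, so two or more is not a plausible accident."""
    randoms = [client_random(r) for r in records]
    return len(constant_positions(randoms)) >= threshold

def build_hello(random32: bytes) -> bytes:
    """Constructed minimal ClientHello (one cipher suite, no extensions)."""
    body = b"\x03\x03" + random32 + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    msg = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(msg).to_bytes(2, "big") + msg

def constructed_samples(marker: bytes = b""):
    """Four constructed handshakes; marker (hypothetical) overwrites bytes 8.."""
    out = []
    for i in range(4):
        rnd = bytearray(hashlib.sha256(bytes([i])).digest())
        rnd[8:8 + len(marker)] = marker
        out.append(build_hello(bytes(rnd)))
    return out

if __name__ == "__main__":
    print("clean host flagged:  ", looks_tampered(constructed_samples()))
    print("patched host flagged:", looks_tampered(constructed_samples(b"HOSTID01")))
```

A marker that is re-encrypted or masked per handshake would not leave constant bytes, so a clean result from this check does not rule out a patched generator.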

"Analysis of the malware allowed us to confirm that the operators have some control over the target's network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capabilities that few other actors in the world have," Kaspersky revealed in a blog post.

Malware Could Be Snooping On Political Targets And Dissidents

It also appears that the hackers did not make the modifications to break the encryption on the websites. Security experts think they were done to serve surveillance purposes.

The intended targets of the malware are located in Russia and Belarus, where it could be spying on political targets and dissidents. The hacking group Turla is believed to be working under the protection of the Russian government.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.