Wednesday, October 7, 2015

TURLA (mis)using satellites to avoid detection

An Achilles' heel in the deployment of an APT is maintaining control over the infected computers after the initial infection.  The "masters" over the malicious system use C&C (command and control) servers for this purpose.  Security firms try to pinpoint these servers so they can be disabled (eg. by DNS sinkholes/black-hole DNS).  This is an ongoing global battle.

Turla is one of the scariest APTs around and researchers from Kaspersky have observed it misuses satellite uplinks to hide the location of the people in charge.

Again, this is spy movie material...

No comments:

Post a Comment