“Cyber-espionage operations from Cozy Bear, a threat actor believed to work for the Russian government, continued undetected for the past years by using malware families previously unknown to security researchers,” reports BleepingComputer — citing a surprisingly detailed report:
Relying on stealthy communication techniques between infected systems and the command and control servers, the group managed to keep their activity under the radar for a long time. Cyber-espionage campaigns that likely started in 2013, collectively named “Operation Ghost,” have been attributed to this group, and continued through 2019…
Researchers at ESET tracking this threat actor found at least three victims of Operation Ghost, all being European Ministries of Foreign Affairs, including the Washington DC embassy of a European Union country. The victim count is likely larger, but identifying them is difficult because the threat actor uses unique command and control infrastructure for each target.
The report notes the group used sites like Reddit, Twitter, and Imgur to deliver the URLs for some command-and-control servers, along with information hidden in images.
And another stage of its malware platform used an even more robust site for its command-and-control server: Dropbox.
Read more of this story at Slashdot.