"Notorious Russian Spies Piggybacked on Other Hackers' USB Infections"

In 2008, Turla, a Russian cyberespionage group, gained notoriety as the hackers behind agent.btz, a piece of malware that spread throughout the US Department of Defense's (DOD) computers via infected USB devices inserted by Pentagon employees. The same group now appears to be attempting a new variation of this approach, which involves hijacking the USB infections of other hackers in order to piggyback on their infections and choose their spying targets. Mandiant has disclosed that it discovered an incident in which Turla hackers accessed victim networks by registering the expired domains of nearly a decade-old cybercriminal malware that spread through infected USB drives. Turla was able to seize control of the malware's command-and-control (C2) servers and sift through its victims to identify those worthy of espionage targeting. This strategy allows Turla to remain undiscovered by hiding itself within the footprints of other hackers while scouring a broad assortment of networks. This article continues to discuss the Russian cyberespionage group Turla piggybacking on other hackers' USB infections. 

Wired reports "Notorious Russian Spies Piggybacked on Other Hackers' USB Infections"