Turla APT hackers use new software to crack TLS encrypted connections

New spyware called Reductor lets anonymous attackers tap into web traffic. With an exclusive set of functions grouped under the telling name RAT (remote access trojan), the software lets its operator monitor downloads, uploads, digital certificates and other user resources. In particular, a forged certificate lets the attacker alter a site or spy on users' actions and data without anyone noticing.

How does the software work? It finds a site certificate of type X509v3 in the root directory and adds it to the host file on the victim’s machine. The attacker can also remotely add his own certificate on top of it, using a pipe.
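A defender-side check for the certificate installation described above, as an added example that is not from the original article: it compares a PEM export of the trusted root certificates with a known-good baseline and reports roots that have appeared since. The function names and the PEM-export workflow are assumptions, and the sample certificates are constructed placeholder bytes.

```python
import hashlib
import re
import ssl

# Matches each certificate block inside a PEM bundle.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def fingerprints(pem_bundle: str) -> set[str]:
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle."""
    found = set()
    for block in PEM_BLOCK.findall(pem_bundle):
        der = ssl.PEM_cert_to_DER_cert(block)  # base64 body -> DER bytes
        found.add(hashlib.sha256(der).hexdigest())
    return found


def audit_roots(baseline_pem: str, current_pem: str) -> dict[str, list[str]]:
    """Diff the current trusted-root export against a known-good baseline.

    'added' lists roots present now but absent from the baseline: these are
    the entries to investigate when malware is suspected of installing a CA.
    """
    base, now = fingerprints(baseline_pem), fingerprints(current_pem)
    return {"added": sorted(now - base), "removed": sorted(base - now)}


def _pem(tag: bytes) -> str:
    # Constructed placeholder bytes, not a real X.509 certificate.
    return ssl.DER_cert_to_PEM_cert(tag)


# Constructed sample data: a two-root baseline and a later export that
# contains one extra root (hypothetical, for illustration only).
BASELINE = _pem(b"constructed-root-A") + _pem(b"constructed-root-B")
CURRENT = BASELINE + _pem(b"constructed-unexpected-root")

if __name__ == "__main__":
    report = audit_roots(BASELINE, CURRENT)
    for fp in report["added"]:
        print("root not in baseline:", fp)
    for fp in report["removed"]:
        print("baseline root missing:", fp)
```

The baseline should be captured from a machine in a known-clean state and stored where the audited host cannot modify it.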

The malware's developers compromise TLS without even touching the traffic; instead, they analyze the Firefox source code and the Chrome binary in order to control the browsers' functions for generating pseudo-random numbers (needed in encryption). Browsers commonly use random number generation at the start of a connection to create a TLS signature.

