A group of innovative hackers used free services from Google and an Internet infrastructure company to disguise data stolen from corporate and government computers, a security firm reported.
FireEye discovered the campaign, dubbed Poisoned Hurricane, in March while analyzing traffic originating from systems infected with a remote access tool (RAT) the firm called Kaba, a variant of the better-known PlugX.
The compromised computers were discovered in multiple U.S. and Asian Internet infrastructure service providers, a financial institution and an Asian government organization. FireEye did not disclose the name of the victims.
The unidentified hackers had used spear-phishing attacks to compromise the systems and then used the malware to steal sensitive information and send it to remote servers, FireEye said.
What was unique about the attackers was how they disguised traffic between the malware and command-and-control servers using Google Developers and the public Domain Name System (DNS) service of Fremont, Calif.-based Hurricane Electric.
In both cases, the services were used as a kind of switching station to redirect traffic that appeared to be headed toward legitimate domains, such as adobe.com, update.adobe.com and outlook.com.
"It was a novel technique to hide their traffic," Ned Moran, senior threat intelligence researcher for FireEye, said Thursday.
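The redirection technique described above works only if the infected host resolves names like update.adobe.com through a resolver the attacker controls or has seeded, so a defender has two cheap checks: flag hosts that send DNS queries anywhere other than the approved corporate resolvers, and flag answers for high-value domains that fall outside the ranges the authoritative zone actually publishes. The following script is an added example written for this article, not code from FireEye or from the report; the log format, the resolver and client addresses, and the expected address ranges (taken from the RFC 5737 documentation blocks) are all constructed assumptions, not indicators from the campaign.

```python
"""Scan DNS query logs for lookups that bypass approved resolvers or that
return unexpected answers for well-known domains.

Everything below (log format, addresses, expected ranges) is constructed
for illustration; none of it is an indicator from the Poisoned Hurricane report.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumption: the enterprise's own resolvers; anything else is suspect.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Assumption: address ranges the authoritative zones publish for a few
# high-value names (constructed documentation-range values).
EXPECTED_ANSWERS = {
    "adobe.com": [ipaddress.ip_network("192.0.2.0/24")],
    "update.adobe.com": [ipaddress.ip_network("192.0.2.0/24")],
    "outlook.com": [ipaddress.ip_network("198.51.100.0/24")],
}

# Constructed log format: one query per line with key=value fields.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) resolver=(?P<resolver>\S+) "
    r"qname=(?P<qname>\S+) answer=(?P<answer>\S+)$"
)


@dataclass
class Finding:
    client: str
    qname: str
    reason: str


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def check_record(rec):
    """Apply both checks to one parsed record and return any findings."""
    findings = []
    # Check 1: the query left for a resolver that is not one of ours.
    if rec["resolver"] not in APPROVED_RESOLVERS:
        findings.append(Finding(rec["client"], rec["qname"],
                                f"query sent to unapproved resolver {rec['resolver']}"))
    # Check 2: a well-known name resolved to an address outside its known ranges.
    expected = EXPECTED_ANSWERS.get(rec["qname"].rstrip(".").lower())
    if expected is not None:
        try:
            addr = ipaddress.ip_address(rec["answer"])
        except ValueError:
            return findings  # NXDOMAIN, a CNAME target, etc.; nothing to compare
        if not any(addr in net for net in expected):
            findings.append(Finding(rec["client"], rec["qname"],
                                    f"answer {rec['answer']} outside expected ranges"))
    return findings


def scan(lines):
    """Scan an iterable of log lines; unparseable lines are skipped."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            findings.extend(check_record(rec))
    return findings


# Constructed sample log: one clean host (10.1.4.22) and one host (10.1.7.9)
# that queries an outside resolver and gets steered to a single outside address.
SAMPLE_LOG = """\
2014-03-10T09:12:01Z client=10.1.4.22 resolver=10.0.0.53 qname=update.adobe.com answer=192.0.2.17
2014-03-10T09:12:05Z client=10.1.4.22 resolver=10.0.0.53 qname=outlook.com answer=198.51.100.8
2014-03-10T09:13:44Z client=10.1.7.9 resolver=203.0.113.53 qname=update.adobe.com answer=203.0.113.77
2014-03-10T09:13:45Z client=10.1.7.9 resolver=203.0.113.53 qname=outlook.com answer=203.0.113.77
2014-03-10T09:14:02Z client=10.1.4.22 resolver=10.0.0.53 qname=intranet.example.internal answer=10.2.0.5
""".splitlines()

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.client} {f.qname}: {f.reason}")
```

On the sample log the clean host produces nothing, while the second host trips both checks on each of its two lookups, which is the pattern to expect when a RAT is configured with an outside resolver and the resolver hands back the attacker's address for names that look legitimate. In practice the expected-range table would be refreshed from the real authoritative zones, and the resolver check is simpler still if egress filtering already blocks port 53 to anything but the corporate resolvers.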