Russia-based cybersecurity company Kaspersky has detected that the Russian hacker group named Turla infiltrated the world’s two most popular Internet browsers, Google Chrome and Mozilla Firefox, and monitored encrypted web traffic.
In April 2019, Kaspersky announced on its official website that it had discovered new malware that could compromise encrypted web traffic. The company reported that the hackers have some control over encrypted web traffic by replacing HTTPS connections in Chrome and Firefox with infected ones.
The attack targeting the two web browsers is said to be the work of a hacker group believed to operate under the protection of the Russian government. According to Kaspersky’s report, the hackers infiltrate Chrome and Firefox systems with a Remote Access Trojan (RAT).
This process consists of two steps. The hackers first install their own infected digital certificates on each host. This allows them to block TLS (Transport Layer Security) traffic from the host.
TLS, which securely encrypts the data exchanged between two communicating applications, is established using a so-called random number generator. With the new technique, the hackers manipulate this process, which enables them to passively monitor encrypted web traffic.
Kaspersky cites Russia and Belarus as the center of the attack. Believed to have the support of the Moscow government, the hacker group named Turla has attempted many attacks in the past that endangered internet service providers. It is believed that the Putin administration uses hacker groups such as Turla to spy on opponents and other political rivals.