A well-known Russian hacking group is marking and intercepting TLS-encrypted browser traffic from infected machines, according to a report by Kaspersky.
The group behind the campaign is Turla, a notorious actor that reportedly enjoys the backing of the Russian government.
The technique modifies the way Google Chrome and Mozilla Firefox set up secure connections over HTTPS: it patches the browsers' TLS handshake code so that a small per-victim fingerprint is embedded in the traffic sent from infected systems. The fingerprint lands in the TLS client random, a field that every ClientHello transmits in the clear, so anyone watching the wire can pick out the infected host without decrypting anything.
The group first infects the victim's system with a trojan called Reductor, which, among other things, installs the attackers' own certificates on the host, enabling them to intercept TLS traffic sent from it.
The browser installations are then patched to replace the pseudo-random number generation (PRNG) functions the browser calls while establishing a TLS handshake, so that every handshake the infected browser performs carries the per-victim fingerprint.
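The following added example is not Kaspersky's or Turla's code and does not reproduce Reductor's real encoding; it models the mechanism described above so a defender can see why the mark is visible on the wire and how to hunt for it. It builds minimal ClientHello records from either a normal random source or a constructed "tagged" PRNG (the `tagged_random` layout, the `victim_id` value and the sample IP addresses are all invented for the example), then runs a passive detector over a constructed set of flows: a genuine PRNG never repeats the leading bytes of the client random across handshakes, so a host whose client randoms share a prefix is flagged.

```python
import os
import struct
import hashlib
from collections import defaultdict
from typing import Optional, Dict, Iterable, Tuple


def build_client_hello(client_random: bytes) -> bytes:
    """Build a minimal TLS 1.2-style ClientHello record around a 32-byte random.

    Only the fields a passive sensor needs are populated (no extensions); the
    cipher-suite list is a constructed placeholder.
    """
    assert len(client_random) == 32
    cipher_suites = b"\x13\x01\xc0\x2f"          # two example suites
    body = (
        b"\x03\x03"                              # client_version
        + client_random                          # the field a patched PRNG fills
        + b"\x00"                                # session_id length 0
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + b"\x01\x00"                            # one compression method: null
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type client_hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def honest_random() -> bytes:
    """What an unpatched browser does: 32 fresh random bytes per handshake."""
    return os.urandom(32)


def tagged_random(victim_id: bytes) -> bytes:
    """Constructed stand-in for a patched browser PRNG (NOT Reductor's format).

    It stamps a stable per-victim tag into the first 8 bytes and leaves the rest
    random, so the handshake still works but the host is identifiable.
    """
    tag = hashlib.sha256(victim_id).digest()[:8]
    return tag + os.urandom(24)


def extract_client_random(record: bytes) -> Optional[bytes]:
    """Return the 32-byte client random from a ClientHello record, or None."""
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        return None                               # not a handshake / not a ClientHello
    hs_len = int.from_bytes(record[6:9], "big")
    if len(record) < 9 + hs_len:
        return None                               # truncated record
    # 5-byte record header + 4-byte handshake header + 2-byte version = offset 11
    return record[11:43]


def find_tagged_hosts(flows: Iterable[Tuple[str, bytes]],
                      prefix_len: int = 8, min_repeats: int = 3) -> Dict[str, str]:
    """Flag hosts whose client randoms share a leading prefix across handshakes.

    flows: (src_ip, client_hello_record) pairs. Returns {src_ip: prefix_hex}.
    """
    seen = defaultdict(lambda: defaultdict(int))
    for src, rec in flows:
        rnd = extract_client_random(rec)
        if rnd is None:
            continue
        seen[src][rnd[:prefix_len]] += 1
    flagged = {}
    for src, prefixes in seen.items():
        prefix, count = max(prefixes.items(), key=lambda kv: kv[1])
        if count >= min_repeats:
            flagged[src] = prefix.hex()
    return flagged


def demo() -> Dict[str, str]:
    """Constructed traffic: one clean host and one host with a patched browser."""
    flows = []
    for _ in range(5):
        flows.append(("10.0.0.5", build_client_hello(honest_random())))
        flows.append(("10.0.0.7", build_client_hello(tagged_random(b"victim-hw-id-0001"))))
    return find_tagged_hosts(flows)


if __name__ == "__main__":
    print(demo())   # only the tagged host (10.0.0.7) should appear
```

The 8-byte prefix is deliberate: in TLS 1.2 some stacks still place a Unix timestamp in the first 4 bytes of the client random, so two handshakes within one second from a clean host could share a 4-byte prefix; repeating 8 bytes across several handshakes does not happen with a working PRNG. In a real deployment the detector would read ClientHellos from a packet capture or TLS-aware sensor rather than from records constructed in the script.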
Why the attackers would go to this trouble is not clear: Reductor by itself already gives them full remote control over the infected system, which is enough to observe the victim's web traffic.
ZDNet suggests the technique may serve as a fallback: if a victim's anti-virus removes Reductor but the victim does not remove and reinstall the browser, the patched browser keeps tagging the victim's traffic.