Hammertoss makes use of Twitter and Github to transfer its attack payloads and hide from view. Because it uses these common sites that are visited by millions, the notion is that its network traffic patterns are normally hard to detect. But hidden in these interactions are directions for the malware to download an image from Github, extract encrypted instructions and then finally upload a victimized PCs data to its servers. The group operates during the appropriate time zones and local Russian holidays, supporting this hypothesis.”]
Source: https://securityintelligence.com/hammertoss-what-me-worry/

