A suspected Russian state-sponsored cyber group is using a sophisticated strain of malware that mimics normal internet use to evade detection, according to security firm FireEye.
The Hammertoss malware uses Twitter, GitHub and cloud-based storage systems to relay commands and extract data from compromised networks, the company said.
FireEye has named the group APT29, and said in a report that the hackers add "layers of obfuscation" and copy the behaviour of legitimate users while lifting data from image files to cloud servers.
The security firm suspects that the group is sponsored by the Russian government because of the organisations it targets and the type of data that is stolen.
"APT29 appeared to cease operations on Russian holidays, and their work hours seem to align with the UTC +3 time zone, which contains cities such as Moscow and St Petersburg," the report explained.
The malware works by searching for a different Twitter account every day in order to receive instructions from the group. If the handle is active, the Hammertoss malware searches the tweet for a URL and hashtag and follows the link.
At this stage, a seemingly legitimate image that contains encrypted instructions is opened by the malware and decrypted.
The commands include instructions on how to hack into the victim's network or files, and the information is then uploaded to a cloud-based storage system.
The FireEye report noted that the malware techniques are not new, but that the combination of different strains makes it difficult to identify the malicious activity on a network.
"Individually, each technique offers some degree of obfuscation for the threat group's activity. In combination, these techniques make it particularly hard to identify Hammertoss or spot malicious network traffic," the report said.
Michael Mimoso, writing for Kaspersky Lab's security website Threatpost, said that the threat is reminiscent of the espionage gang behind the Miniduke backdoor discovered in 2013.
Miniduke targeted government organisations and also used Twitter as an entry point.
Russia has been attempting to increase its cyber capabilities and has been implicated in a number of high-profile attacks in recent years.
Earlier this year, Russian hackers breached the US Department of Defence by exploiting an unpatched flaw in an old "legacy" computer system.
In 2014, continuing the trend of cyber espionage targeted towards the US, Russian hackers breached White House defences and accessed information on President Obama's appointments and movements.