For those that deal with the Russian state-sponsored hacking group APT 28, which has been involved in the DNC hacking... and lately against the French presidential candidate Macron.

For those that actively track Russian hacking events... this is a highly interesting read that can in fact be easily replicated as a defense mechanism against APT 28... intrusions.

http://securityaffairs.co/wordpress/...8-traffic.html

Security experts from the security firm Redsocks published an interesting report on how to crack APT28 traffic in a few seconds.

Introduction
APT28 is a hacking group involved in many recent cyber incidents. The most recent attack allegedly attributed to this group is the one against French presidential candidate Emmanuel Macron's campaign. Incident response to these Advanced Persistent Threats (APTs) and damage limitation rely heavily on network traffic investigation.
In late 2016, Redsocks Security identified one expired domain attributed to APT28. Our effort to sinkhole APT28 using this domain was impeded by the encrypted communication channel. Although many published white papers concerning APT28, such as ESET's, mention the RC4 encryption algorithm, they do not dig into the details of the key used or of APT28's implementation of RC4, i.e. whether the key is static and breakable. In this report, we aim to reveal the results of our comprehensive dynamic analysis of the X-Agent malware towards decrypting its traffic. We started our investigation by using one of the APT28 droppers (see Table 1).
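The report's point is that if the RC4 key is static, a sinkhole operator can decode every captured C2 message with the same key, and the absence of any per-message IV also means the same keystream is reused across messages. The following is an added example written for this post; it is not Redsocks' or X-Agent's code, the key `STATIC_KEY` and the "captured" blob are constructed placeholders (the report's actual key is not given in the text above), and it shows a plain RC4 implementation used as a defender's traffic decoder plus the keystream-reuse leak that such a static-key design produces.

```python
"""Added example: RC4 as a static-key traffic decoder for sinkholed C2.

Not Redsocks' or X-Agent's code. STATIC_KEY and the captured blob are
constructed placeholders; the real key from the report is not in this text.
"""
from typing import Iterator


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Yield the RC4 keystream bytes for `key` (KSA followed by PRGA)."""
    # Key-scheduling algorithm: permute S using the key.
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm: emit one keystream byte per step.
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is a stream cipher: the same call both encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


# Constructed placeholder key standing in for a hard-coded malware key.
STATIC_KEY = b"placeholder-static-key"

# Constructed "captured" C2 payload: built here by encrypting a made-up beacon
# under STATIC_KEY so the example runs offline; not a real sample.
CAPTURED_HEX = rc4(STATIC_KEY, b"beacon|host=LAB-PC|user=analyst").hex()


def decode_captured(blob_hex: str, key: bytes = STATIC_KEY) -> bytes:
    """What a sinkhole operator can do once the key is known to be static:
    every captured message decodes with the one key, no per-session secret."""
    return rc4(key, bytes.fromhex(blob_hex))


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """With a static key and no IV, every message is XORed with the same
    keystream, so c1 XOR c2 == p1 XOR p2. Defensively this is useful twice:
    identical ciphertext prefixes across flows are a detection signal, and
    plaintext structure can be inferred before the key is even recovered."""
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    print(decode_captured(CAPTURED_HEX))
    m1 = rc4(STATIC_KEY, b"beacon|host=LAB-PC")
    m2 = rc4(STATIC_KEY, b"beacon|host=LAB-PD")
    # Only the final byte differs; the shared prefix XORs to zero bytes.
    print(keystream_reuse_leak(m1, m2).hex())
```

The `rc4` routine follows the textbook KSA/PRGA construction, so it can be checked against the public RC4 test vectors before pointing it at real captures; `keystream_reuse_leak` is the reason a static key is breakable in practice rather than just inconvenient.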