A new type of cyber-spying campaign was detected by FireEye researchers, one it suspects to be tied to a Russian state-sponsored group previously analyzed by Kaspersky and known under the name of Turla.
This time around, as FireEye reports, the group has breached and infected over 100 websites that have a business and government audience.
Instead of stealing data from the websites, or leaving malware behind to infect visitors, the group has added a small piece of code that redirects some of the site's users to one of its servers.
Here, details about each user are logged, and users are also inoculated with a supercookie that's difficult to find and delete from their computer.
This supercookie continues to broadcast data whenever users visit other infected websites. If a victim visits multiple of these infected sites, the group may be alerted to investigate particular users further.