User:Strombetta20/sandbox

From Wikipedia, the free encyclopedia

PLATINUM is the name given by Microsoft to a cybercrime collective active against governments and related organizations in South and Southeast Asia.[1] They are secretive and not much is known about the members of the group.[2] The group's skill means that its attacks sometimes go without detection for many years.[1]

The group, considered an advanced persistent threat, has been active since at least 2009,[3] targeting victims via spear-phishing attacks against government officials' private email addresses, zero-day exploits, and hot-patching vulnerabilities.[4][5] Upon gaining access to their victims' computers, the group steals economically sensitive information.[1]

In June 2017, PLATINUM became notable for exploiting the serial over LAN (SOL) capabilities of Intel's Active Management Technology to perform data exfiltration.[6][7][8][9][10][11][12][13]


PLATINUM's Malware

Microsoft's Windows Defender Advanced Threat Hunting team released a report which outlines some of PLATINUM's activities and methods.[1] Some of their less common tactics include attacks on web plugins; at one point, in 2009, they used a website that provided an email service to infiltrate the computers of several Indian government officials.[1] Once in control of a target's computer, they can move through its network using specially built malware, which as of 2009 was either made by one of the multiple teams they are believed to have or obtained from an outside source.[1]

Because of the range of this malware, and because the samples have little code in common, Microsoft has split them into families, the most widespread of which is named Dispind (a Microsoft-given name).[1] Such a program can install a keylogger, a piece of software that records every key pressed on the keyboard, a practice also called keystroke logging.

PLATINUM also uses other malware families such as JPIN, which installs itself into the %appdata% folder of a computer so that it can gather information, load a keylogger, download files and updates, and perform other tasks such as extracting files that could contain sensitive information.[1]

Adbupd is another malware program similar to the two previously mentioned. It is known for its ability to support plugins, so it can be specialized and proves versatile enough to adapt to whatever protective measures a target has set up.[1]

With such ambitious projects, PLATINUM needs a way to cover its own tracks and remain undetected. So far they have succeeded in keeping a low profile, staying off the front of any news pages until their infamous abuse of Windows' hot-patching system.[14] This hot-patching method lets them use Microsoft's own features to quickly patch or alter files or update an application without rebooting the system; this way, they can keep the data they have stolen while masking their identity.[15]

Intel Exploit

Recently, Microsoft has discovered that PLATINUM has begun to exploit a feature on Intel's processor chip.[16] The feature in question is Intel AMT Serial-over-LAN (SOL), which allows a user to remotely control another system even when no operating system is running on the controlled system.[16] Because the channel does not depend on the operating system, the activity is not seen by the Windows firewall or any host-based monitoring tools that Microsoft could have set up.[16]
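The SOL channel terminates in the management engine rather than in the operating system, so a host firewall never sees it, but the traffic still crosses the network and shows up in switch or NetFlow records. The following is an added example (not code from the Microsoft report or from any source cited here) that flags flows to Intel AMT's default management and redirection ports from hosts that are not approved management consoles; the port list follows Intel's AMT documentation, and the flow records and IP addresses are constructed for the example.

```python
from collections import defaultdict

# Intel AMT default TCP ports: the web/WS-Management interface (16992 plain,
# 16993 TLS) and the redirection service that carries SOL and IDE-R
# (16994 plain, 16995 TLS), per Intel's AMT documentation.
AMT_PORTS = {
    16992: "AMT HTTP",
    16993: "AMT HTTPS",
    16994: "AMT redirection (SOL/IDE-R)",
    16995: "AMT redirection (TLS)",
}
REDIRECTION_PORTS = {16994, 16995}

# Constructed flow records for this example: timestamp src dst dst_port bytes
SAMPLE_FLOWS = """\
2017-06-07T10:01:02 10.1.1.5 10.1.1.20 443 5120
2017-06-07T10:01:09 10.1.1.5 10.1.1.21 16994 98304
2017-06-07T10:02:15 10.1.1.9 10.1.1.21 16994 143360
2017-06-07T10:03:00 10.1.1.5 10.1.1.30 16992 2048
2017-06-07T10:03:30 10.1.1.5 10.1.1.30 445 40960
2017-06-07T10:04:00 10.1.1.9 10.1.1.21 16994 262144
"""

def parse_flow(line):
    """Split one whitespace-separated flow record into a dict."""
    ts, src, dst, port, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst,
            "port": int(port), "bytes": int(nbytes)}

def find_amt_flows(text, allowed_consoles=()):
    """Flows to AMT ports from any source that is not an approved console."""
    allowed = set(allowed_consoles)
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow["port"] in AMT_PORTS and flow["src"] not in allowed:
            flow["service"] = AMT_PORTS[flow["port"]]
            hits.append(flow)
    return hits

def bytes_by_pair(hits):
    """Bytes per (src, dst) on the redirection ports, where SOL data travels."""
    totals = defaultdict(int)
    for flow in hits:
        if flow["port"] in REDIRECTION_PORTS:
            totals[(flow["src"], flow["dst"])] += flow["bytes"]
    return dict(totals)
```

With 10.1.1.5 registered as the legitimate console, only the two redirection sessions from 10.1.1.9 remain, and their byte total per host pair gives a first hint at how much data may have left over SOL.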

Security

Microsoft advises users to apply all of their security updates to minimize vulnerabilities and to keep highly sensitive data out of large networks.[1] Because PLATINUM targets organizations, companies and government branches to acquire trade secrets, anyone working in or with such organizations can be a target for the group.[17]


References

  1. ^ a b c d e f g h i j "PLATINUM: Targeted attacks in South and Southeast Asia" (PDF). Windows Defender Advanced Threat Hunting Team (Microsoft). 2016. Retrieved 2017-06-10.
  2. ^ Osborne, Charlie. "Platinum hacking group abuses Windows patching system in active campaigns | ZDNet". ZDNet. Retrieved 2017-06-09.
  3. ^ Eduard Kovacs (2017-06-08). ""Platinum" Cyberspies Abuse Intel AMT to Evade Detection". SecurityWeek.Com. Retrieved 2017-06-10.
  4. ^ Eduard Kovacs (2016-04-27). ""Platinum" Cyberspies Abuse Hotpatching in Asia Attacks". SecurityWeek.Com. Retrieved 2017-06-10.
  5. ^ msft-mmpc (2016-04-26). "Digging deep for PLATINUM – Windows Security". Blogs.technet.microsoft.com. Retrieved 2017-06-10.
  6. ^ Peter Bright (2017-06-09). "Sneaky hackers use Intel management tools to bypass Windows firewall". Ars Technica. Retrieved 2017-06-10.
  7. ^ Tung, Liam (2014-07-22). "Windows firewall dodged by 'hot-patching' spies using Intel AMT, says Microsoft". ZDNet. Retrieved 2017-06-10.
  8. ^ a b msft-mmpc (2017-06-07). "PLATINUM continues to evolve, find ways to maintain invisibility – Windows Security". Blogs.technet.microsoft.com. Retrieved 2017-06-10.
  9. ^ Catalin Cimpanu (2017-06-08). "Malware Uses Obscure Intel CPU Feature to Steal Data and Avoid Firewalls". Bleepingcomputer.com. Retrieved 2017-06-10.
  10. ^ Juha Saarinen (2017-06-08). "Hackers abuse low-level management feature for invisible backdoor - Security". iTnews. Retrieved 2017-06-10.
  11. ^ Richard Chirgwin (2017-06-08). "Vxers exploit Intel's Active Management for malware-over-LAN. Platinum attack spotted in Asia, needs admin credentials". The Register. Retrieved 2017-06-10.
  12. ^ Christof Windeck (2017-06-09). "Intel-Fernwartung AMT bei Angriffen auf PCs genutzt | heise Security". Heise.de. Retrieved 2017-06-10.
  13. ^ "PLATINUM activity group file-transfer method using Intel AMT SOL | Windows Security Blog | Channel 9". Channel9.msdn.com. 2017-06-07. Retrieved 2017-06-10.
  14. ^ Osborne, Charlie. "Platinum hacking group abuses Windows patching system in active campaigns | ZDNet". ZDNet. Retrieved 2017-06-09.
  15. ^ Cite error: the named reference zdnet2017 was invoked but never defined.
  16. ^ a b c "Platinum hacker group uses Intel AMT". Tad Group. 2017-09-25.
  17. ^ Liu, Jianhong (2017-07-15). Comparative Criminology in Asia. Springer.