PLATINUM (cybercrime group)

PLATINUM is the name given by Microsoft to a cybercrime collective active against governments and related organizations in South and Southeast Asia.[1] They are secretive and not much is known about the members of the group.[2] The group's skill means that its attacks sometimes go without detection for many years.[1]

The group, considered an advanced persistent threat, has been active since at least 2009.[3] It gains initial access through spear-phishing of government officials' private email addresses and zero-day exploits, and it abuses the legitimate Windows hotpatching feature to inject code into running processes while evading detection.[4][5] Once on a victim's computers, the group steals economically sensitive information.[1]

In June 2017, Microsoft reported that PLATINUM had begun using the serial over LAN (SOL) channel of Intel's Active Management Technology (AMT) as a file-transfer mechanism for data exfiltration. Because SOL traffic is handled by the Management Engine rather than by the host operating system's network stack, the transfers are invisible to the host firewall and host-based monitoring. The technique is an abuse of a legitimate management feature rather than an AMT vulnerability: it requires AMT to already be provisioned on the target and administrative credentials for it.[6][7][8][9][10][11][12][13]
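Since the host firewall never sees SOL traffic, the practical place to look for this kind of transfer is the network: switch flow exports, a tap, or the perimeter firewall. The following script is an added example, not code from the article or from Microsoft's report. It assumes the standard AMT listener ports (16992/16993 for WS-Management, 16994/16995 for the redirection service that carries SOL and IDE-R), a hypothetical management subnet from which AMT access is legitimate, and a constructed flow-log format of "timestamp src_ip src_port dst_ip dst_port proto bytes".

```python
"""Flag network flows that look like Intel AMT redirection (SOL/IDE-R) traffic.

Added example; not part of the original article. Port assignments are the
standard AMT listener ports. The flow-log format and sample records below are
constructed for illustration.
"""
import ipaddress

# Standard Intel AMT TCP listener ports.
AMT_PORTS = {
    16992: "AMT WS-Management (HTTP)",
    16993: "AMT WS-Management (HTTPS)",
    16994: "AMT redirection SOL/IDE-R (cleartext)",
    16995: "AMT redirection SOL/IDE-R (TLS)",
}
# Redirection ports are where a SOL file transfer would show up.
REDIRECTION_PORTS = {16994, 16995}

# Hypothetical: the subnet your management consoles legitimately use to reach AMT.
MANAGEMENT_NETS = [ipaddress.ip_network("10.0.250.0/24")]

# Constructed sample flow records: timestamp src sport dst dport proto bytes
SAMPLE_FLOWS = """\
2017-06-07T10:00:01Z 10.0.250.5 51000 10.1.1.20 16992 TCP 2300
2017-06-07T10:02:13Z 10.1.7.44 49231 10.1.1.20 16994 TCP 5242880
2017-06-07T10:05:40Z 10.1.7.44 49302 10.1.1.20 443 TCP 1200
2017-06-07T10:06:00Z 203.0.113.9 41333 10.1.1.21 16995 TCP 900
"""


def parse_flow(line):
    """Parse one whitespace-separated flow record into a dict."""
    ts, src, sport, dst, dport, proto, nbytes = line.split()
    return {"ts": ts, "src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "proto": proto, "bytes": int(nbytes)}


def is_management_source(ip):
    """True if the source address belongs to an approved management subnet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MANAGEMENT_NETS)


def find_suspicious_amt_flows(lines):
    """Return flows to AMT ports from sources outside the management subnets.

    Redirection-port flows (SOL/IDE-R) are rated high because that channel is
    what carried PLATINUM's file transfers; WS-Management flows are rated medium.
    """
    findings = []
    for line in lines:
        if not line.strip():
            continue
        f = parse_flow(line)
        if f["proto"] != "TCP" or f["dport"] not in AMT_PORTS:
            continue
        if is_management_source(f["src"]):
            continue
        severity = "high" if f["dport"] in REDIRECTION_PORTS else "medium"
        f["severity"] = severity
        f["reason"] = AMT_PORTS[f["dport"]] + " from non-management source"
        findings.append(f)
    return findings


if __name__ == "__main__":
    for hit in find_suspicious_amt_flows(SAMPLE_FLOWS.splitlines()):
        print(f'{hit["severity"].upper():6} {hit["ts"]} {hit["src"]} -> '
              f'{hit["dst"]}:{hit["dport"]} {hit["bytes"]}B  {hit["reason"]}')
```

On the sample records the script flags the 5 MB transfer to port 16994 from an ordinary workstation address and the connection from an external address to port 16995, while ignoring the WS-Management session from the management subnet and the unrelated HTTPS flow. A host that has no AMT provisioned should produce no AMT-port flows at all, so any hit is worth a look.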

References

  1. "PLATINUM: Targeted attacks in South and Southeast Asia" (PDF). Windows Defender Advanced Threat Hunting Team (Microsoft). 2016. Retrieved 2017-06-10.
  2. Osborne, Charlie. "Platinum hacking group abuses Windows patching system in active campaigns | ZDNet". ZDNet. Retrieved 2017-06-09.
  3. Eduard Kovacs (2017-06-08). ""Platinum" Cyberspies Abuse Intel AMT to Evade Detection". SecurityWeek.Com. Retrieved 2017-06-10.
  4. Eduard Kovacs (2016-04-27). ""Platinum" Cyberspies Abuse Hotpatching in Asia Attacks". SecurityWeek.Com. Retrieved 2017-06-10.
  5. msft-mmpc (2016-04-26). "Digging deep for PLATINUM – Windows Security". Blogs.technet.microsoft.com. Retrieved 2017-06-10.
  6. Peter Bright (2017-06-09). "Sneaky hackers use Intel management tools to bypass Windows firewall". Ars Technica. Retrieved 2017-06-10.
  7. Tung, Liam (2014-07-22). "Windows firewall dodged by 'hot-patching' spies using Intel AMT, says Microsoft". ZDNet. Retrieved 2017-06-10.
  8. msft-mmpc (2017-06-07). "PLATINUM continues to evolve, find ways to maintain invisibility – Windows Security". Blogs.technet.microsoft.com. Retrieved 2017-06-10.
  9. Catalin Cimpanu (2017-06-08). "Malware Uses Obscure Intel CPU Feature to Steal Data and Avoid Firewalls". Bleepingcomputer.com. Retrieved 2017-06-10.
  10. Juha Saarinen (2017-06-08). "Hackers abuse low-level management feature for invisible backdoor - Security". iTnews. Retrieved 2017-06-10.
  11. Richard Chirgwin (2017-06-08). "Vxers exploit Intel's Active Management for malware-over-LAN. Platinum attack spotted in Asia, needs admin credentials". The Register. Retrieved 2017-06-10.
  12. Christof Windeck (2017-06-09). "Intel-Fernwartung AMT bei Angriffen auf PCs genutzt | heise Security". Heise.de. Retrieved 2017-06-10.
  13. "PLATINUM activity group file-transfer method using Intel AMT SOL | Windows Security Blog | Channel 9". Channel9.msdn.com. 2017-06-07. Retrieved 2017-06-10.


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.