Platinum Hackers Hijack Windows Hotpatching To Stay Hidden


http://learninghacker16.blogspot.co.id/2016/04/platinum-hackers-hijack-windows.html




"If the tool fails to inject code using hot patching, it reverts to attempting the other more common code injection techniques into common Windows processes, primarily targeting winlogon.exe, lsass.exe, and svchost.exe," Microsoft said in its report.

The hotpatching technique works against Windows Server 2003 Service Pack 1, Windows Server 2008, Windows Server 2008 R2, Windows Vista, and Windows 7. Platinum abused the technique in real-world attacks to hide its efforts from analysis.

The group has been using the Hotpatching technique to install the Dipsing, Adbupd and JPIN backdoors on networks belonging to governmental organizations, including defense organizations, intelligence agencies, diplomats and Internet Service Providers (ISPs) and then to steal sensitive data.

The goal of the attacks doesn’t appear to have been immediate financial gain; rather the Platinum APT group is up to a broader economic espionage campaign using stolen information.

The group has been targeting countries in South and Southeast Asia since at least 2009, with Malaysia being its biggest victim, following Indonesia, China, and India.
Though the Platinum group is still active, there is still a way for organizations and companies to avoid infection.

Microsoft's security experts explain that the hotpatching technique requires admin-level permissions, so the threat actors are sending spear-phishing emails that come with boobytrapped Office documents to infect each target.





 

Related Posts:

0 Response to "Platinum Hackers Hijack Windows Hotpatching To Stay Hidden"

Post a Comment