Hacking group “PLATINUM” used Windows’ own patching system against it

Platinum mass & well-formed crystals from Russia. (public display, Carnegie Museum of Natural History, Pittsburgh, Pennsylvania, USA) (credit: James St. John)

Microsoft's Windows Defender Advanced Threat Hunting team works to track down and identify hacking groups that perpetrate attacks. The focus is on the groups that are most selective about their targets and that work hardest to stay undetected. The company wrote today about one particular group that it has named PLATINUM.

The unknown group has been attacking targets in South East Asia since at least 2009, with Malaysia being its biggest victim with just over half the attacks, and Indonesia in second place. Almost half of the attacks were aimed at government organizations of some kind, including intelligence and defense agencies, and a further quarter of the attacks were aimed at ISPs. The goal of these attacks does not appear to have been immediate financial gain—these hackers weren't after credit cards and banking details—but rather broader economic espionage using stolen information.

Microsoft doesn't appear to know a great deal about the team doing the hacking. They have often used spear-phishing to initially penetrate target networks and seem to have taken great pains to hide their attacks. For example, they've used self-deleting malware to cover their tracks, customized malware to evade anti-virus detection, and malware that limits its network activity to only be active during business hours, so its traffic is harder to notice. Redmond suggests that the adversary is likely a government organization of some kind, due to its organization and the kinds of data it has sought to steal.

Read 6 remaining paragraphs | Comments