If you use Google's Chrome browser for web connectivity, you're about to get a new feature you'll probably fall in...read more
Hackers Placing Hidden, Malicious Code In Media
Published on: July 03rd, 2019
If you’re not familiar with the term, ‘Steganography’ is the term used to describe the act of hiding code in images and video. It’s a creative strategy that allows hackers to slip past even the most robust defenses. Recently, researchers at Kaspersky have discovered evidence of a novel approach to using steganographic techniques. They were apparently developed by a group well-known for their innovation.
Platinum is an advanced, persistent threat group that security researchers around the globe have been tracking since 2012. The group has made headlines more than once for their creativity and for specifically targeting government, military, and diplomatic targets. What’s interesting about Platinum’s approach is that they’ve managed to embed malicious code into what appears to be legitimate text.
The Kaspersky researchers happened across it almost by mistake, when they were tracking what they first believed to be two separate campaigns. The first being a back door that was implemented as a .DLL file that also worked as a WinSock Nameservice Provider (which is how it was able to maintain persistence). In the second, PowerShell scripts were being used to fingerprint systems for the purpose of basic data theft.
The Kaspersky team connected the dots and reached the conclusion that rather than being two separate campaigns, the backdoor disguised as a .DLL is actually the second stage in one elaborate attack. Although what Platinum’s ultimate purpose might be remains unknown at this time.
The researchers had this to say about their recent discovery:
“A couple of years ago, we predicted that more and more APT and malware developers would use steganography, and here is proof: the actors used two interesting steganography techniques in this APT…one more interesting detail is that the actors decided to implement the utilities they need as one huge set – this reminds us of the framework-based architecture that is becoming more and more popular.”
Unless you’re working in a governmental or military facility, you’re unlikely to be on Platinum’s radar. Even if you’re not, their strategies will no doubt filter out to the global community of hackers in due time. Stay vigilant.
You might also like
With an evolving business comes expanding technological needs. If your business is sending you any of these signs that it’s time to update your technology.
Three hospitals in Alabama remained closed Wednesday “to all but the most critical new patients” due to a ransomware attack...read more