Hacking group “PLATINUM” used Windows’ own patching system against it
Microsoft’s Windows Defender Advanced Threat Hunting team works to track down and identify hacking groups that perpetrate attacks. The focus is on the groups that are the most selective about their targets and that work the hardest to stay undetected. The company wrote today about one particular group that it has named PLATINUM.
The unknown group has been attacking targets in Southeast Asia since at least 2009. Malaysia has been its biggest victim, accounting for just over half of the attacks, with Indonesia in second place. Almost half of the attacks were aimed at government organizations of some kind, including intelligence and defense agencies, and a further quarter were aimed at ISPs. The goal of these attacks does not appear to have been immediate financial gain—these hackers weren’t after credit cards and banking details—but rather broader economic espionage using stolen information.
Microsoft doesn’t appear to know a great deal about the team doing the hacking. The group has often used spear-phishing to gain its initial foothold in target networks and seems to have taken great pains to hide its attacks. For example, it has used self-deleting malware to cover its tracks, customized malware to evade anti-virus detection, and malware that confines its network activity to business hours so that its traffic blends in with normal usage and is harder to notice. Redmond suggests that the adversary is likely a government organization of some kind, given how organized it is and the kinds of data it has sought to steal.