Cyberespionage group abuses Windows hotpatching mechanism for malware stealth

Discussion in 'CSO' started by RSS, Apr 27, 2016.

  1. RSS

    A cyberespionage group active in Asia has been leveraging a Windows feature known as hotpatching in order to better hide its malware from security products.

    The group, which malware researchers from Microsoft call Platinum, has been active since at least 2009 and has primarily targeted government organizations, defense institutes, intelligence agencies and telecommunications providers in South and Southeast Asia, especially from Malaysia, Indonesia and China.

    So far the group has used spear phishing -- fraudulent emails that target specific organizations or individuals -- as its main attack method, often combining it with exploits for previously unknown, or zero-day, vulnerabilities that install custom malware. It places great importance on remaining undetected.
