Our commitment to you – the Microsoft 365 Nation community member – is that we don’t want to forget to look up and beyond the baseline 365 infrastructure. You might be surprised by what you discover. Such is the case with our looksy at different payloads used by the bad guys, brought to you by contributor Denis Wilson.
Do you know about Steganography?
If you’re not familiar with the term, ‘Steganography’ is the term used to describe the act of hiding code in images and video. It’s a creative strategy that allows hackers to slip past even the most robust defenses. Recently, researchers at Kaspersky Lab have discovered evidence of a novel approach to using steganographic techniques. They were apparently developed by a group well-known for their innovation.
Platinum is an advanced, persistent threat group that security researchers around the globe have been tracking since 2012. The group has made headlines more than once for their creativity and for specifically targeting government, military, and diplomatic targets. What’s interesting about Platinum’s approach is that they’ve managed to embed malicious code into what appears to be legitimate text.
The Kaspersky Lab researchers happened across it almost by mistake, when they were tracking what they first believed to be two separate campaigns. The first being a back door that was implemented as a .DLL file that also worked as a WinSock Nameservice Provider (which is how it was able to maintain persistence). In the second, PowerShell scripts were being used to fingerprint systems for the purpose of basic data theft.
The Kaspersky Lab team connected the dots and reached the conclusion that rather than being two separate campaigns, the backdoor disguised as a .DLL is actually the second stage in one elaborate attack. Although what Platinum’s ultimate purpose might remain unknown at this time.
The researchers had this to say about their recent discovery
“A couple of years ago, we predicted that more and more APT and malware developers would use steganography, and here is proof: the actors used two interesting steganography techniques in this APT …one more interesting detail is that the actors decided to implement the utilities they need as one huge set – this reminds us of the framework-based architecture that is becoming more and more popular.”
Read more HERE.
This community is underwritten and supported by the Fortinet MSP partner program. Thank you