Cyberespionage group abuses Windows hotpatching mechanism for malware stealth

Discussion in 'Off-Topic' started by Sefie, Apr 30, 2016.

  1. Sefie

    A cyberespionage group active in Asia has been leveraging a Windows feature known as hotpatching in order to better hide its malware from security products.

    The group, which malware researchers from Microsoft call Platinum, has been active since at least 2009 and has primarily targeted government organizations, defense institutes, intelligence agencies and telecommunications providers in South and Southeast Asia, especially from Malaysia, Indonesia and China.

    So far the group has used spear phishing—fraudulent emails that target specific organizations or individuals—as its main attack method, often combining it with exploits for previously unknown, or zero-day, vulnerabilities that install custom malware. It places great importance on remaining undetected.

    http://www.pcworld.com/article/3061...otpatching-mechanism-for-malware-stealth.html
     
    Sefie, Apr 30, 2016
    #1