Hackers Placing Hidden, Malicious Code In Media

July 1, 2019

Written by wukovits

If you’re not familiar with the term, ‘Steganography’ is the term used to describe the act of hiding code in images and video.  It’s a creative strategy that allows hackers to slip past even the most robust defenses. Recently, researchers at Kaspersky have discovered evidence of a novel approach to using steganographic techniques. They were apparently developed by a group well-known for their innovation.

Platinum is an advanced, persistent threat group that security researchers around the globe have been tracking since 2012.  The group has made headlines more than once for their creativity and for specifically targeting government, military, and diplomatic targets. What’s interesting about Platinum’s approach is that they’ve managed to embed malicious code into what appears to be legitimate text.

The Kaspersky researchers happened across it almost by mistake, when they were tracking what they first believed to be two separate campaigns.  The first being a back door that was implemented as a .DLL file that also worked as a WinSock Nameservice Provider (which is how it was able to maintain persistence).  In the second, PowerShell scripts were being used to fingerprint systems for the purpose of basic data theft.

The Kaspersky team connected the dots and reached the conclusion that rather than being two separate campaigns, the backdoor disguised as a .DLL is actually the second stage in one elaborate attack. Although what Platinum’s ultimate purpose might be remains unknown at this time.

The researchers had this to say about their recent discovery: 

“A couple of years ago, we predicted that more and more APT and malware developers would use steganography, and here is proof:  the actors used two interesting steganography techniques in this APT…one more interesting detail is that the actors decided to implement the utilities they need as one huge set – this reminds us of the framework-based architecture that is becoming more and more popular.”

Unless you’re working in a governmental or military facility, you’re unlikely to be on Platinum’s radar. Even if you’re not, their strategies will no doubt filter out to the global community of hackers in due time.  Stay vigilant.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Send us a message

Your message was sent.