Microsoft Uncovers Attack Group Platinum That Uses Windows Hot-Patching Technique

A hidden utility in Windows computers called hot-patching, not existing inside the operating system from the time Windows 8 was introduced, has become a useful tool for Platinum, an attack group, reveals Microsoft.

Launching targeted assaults, the group spread in Southern and Southeastern counties of Asia beginning 2009. Its interest was particularly government related, so targeted diplomats, defense organizations, government agencies, telecommunication companies and intelligence agencies.

Microsoft uses hot-patching for releasing updates which leverage running processes, as well as upgrade operating system or other applications devoid of requiring computer rebooting. The utility's introduction started through Windows Server 2003 while it was later eliminated within Windows 8 because by then Microsoft realized the mistake committed.

Although assaults haven't ever been documented with the aid of this technique till the present time, security investigators have shown how lethal it was, during different security conferences.

As per Microsoft, Platinum has utilized a minimum of four 0-day exploits within its assaults that aren't exceeded beyond a few each annum so as for remaining undetected. The majority of victims belonged to China, Indonesia and Malaysia.

Exploitation of hot-patching in Windows lets attackers to insert malware inside active processes devoid of even restarting the server. For the utility to work, admin privileges are needed, hence attackers must first be able to access the system for applying the technique. Threatpost.com posted this, April 27, 2016.

Platinum, according to Microsoft, has been applying hot-patching technique via dispatching spear-phishing e-mails, which contain booby-trapped Office files. If recipients open these files, well-known security flaws alternatively first encountered 0-day exploits are employed for contaminating PCs with malicious code which gives the attacker admin rights followed with the ability to execute one malevolent hot-patching operation.

Microsoft notes that a considerable monetary investment is needed for gathering and implementing 0-day exploits for attacks of this level, therefore, the group possibly gets sponsorship from some state actor or some big criminal organization.

Hot-patching, in the form of a methodology overall, isn't for Windows computers solely. Criminals used it last winter and autumn for thrusting malevolent updates into iOS applications, circumventing the App Store of Apple's examination process.

» SPAMfighter News - 5/3/2016