If you're not familiar with the term, 'Steganography' is the term used to describe the act of hiding code in images and video. It's a creative strategy that allows hackers to slip past even the most robust defenses. Recently, researchers at Kaspersky Lab have discovered evidence of a novel approach to using steganographic techniques. They were apparently developed by a group well-known for their innovation.
Platinum is an advanced, persistent threat group that security researchers around the globe have been tracking since 2012. The group has made headlines more than once for their creativity and for specifically targeting government, military, and diplomatic targets. What's interesting about Platinum's approach is that they've managed to embed malicious code into what appears to be legitimate text.
The Kaspersky Lab researchers happened across it almost by mistake, when they were tracking what they first believed to be two separate campaigns. The first being a back door that was implemented as a .DLL file that also worked as a WinSock Nameservice Provider (which is how it was able to maintain persistence). In the second, PowerShell scripts were being used to fingerprint systems for the purpose of basic data theft.
The Kaspersky Lab team connected the dots and reached the conclusion that rather than being two separate campaigns, the backdoor disguised as a .DLL is actually the second stage in one elaborate attack. Although what Platinum's ultimate purpose might remain unknown at this time.
The researchers had this to say about their recent discovery
"A couple of years ago, we predicted that more and more APT and malware developers would use steganography, and here is proof: the actors used two interesting steganography techniques in this APT ...one more interesting detail is that the actors decided to implement the utilities they need as one huge set - this reminds us of the framework-based architecture that is becoming more and more popular."
Unless you're working in a governmental or military facility, you're unlikely to be on Platinum's radar. Even if you're not, their strategies will no doubt filter out to the global community of hackers in due time. Stay vigilant.
Meanwhile, check out this report
This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting soon.
Contact me if you would like me to speak at your association.