Researchers at Kaspersky Lab have uncovered a sophisticated cyber-espionage campaign designed to steal information from diplomatic, government and military entities in South Asian countries. The campaign went undetected for nearly six years and had no links to attacks previously discovered in the region.
The investigation, which focused on the tools and methods used in the attacks, led the researchers to conclude that the group behind the campaign is the Platinum threat actor, known for subversive activity against governments and organizations in South and South-East Asia.
The group was believed to have gone quiet, but it turned out to have adopted steganography, the practice of hiding information, to keep its malicious activity invisible for a long time.
Kaspersky Lab's researchers warn of the risk posed by steganography, the practice of concealing the very existence of transmitted data. This differs from cryptography, which hides only the content of the data without hiding the fact that it was sent.
Malware can remain inside an infected system for a long time without arousing suspicion, and the use of steganography helped Platinum stay hidden for years after its last known activity in 2017.
In the newly discovered Platinum operation, commands to the malware were embedded in the HTML code of a website and encoded in a specific sequence, which made it practically impossible to detect the commands in network traffic.
The malware's access to the website appeared legitimate, and its traffic did not stand out in the overall flow.
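The article describes commands hidden in a website's HTML and the contrast between steganography (hiding that data exists) and cryptography (hiding only its content). The following added example, written for this page and not code from Kaspersky Lab or the campaign itself, shows a defender-side check for one classic HTML steganography channel: runs of trailing spaces and tabs that browsers never render. The tab=1/space=0 mapping, the scoring threshold, and the sample document are assumptions constructed for the example; the real encoding used by the group is not described on the page.

```python
import re
from typing import Dict, List

# A run of spaces/tabs immediately before a line break. Browsers do not render
# trailing whitespace, so it has no legitimate markup meaning and is a natural
# hiding place for a covert channel.
TRAILING_WS = re.compile(r"[ \t]+(?=\r?\n)")


def build_fixture(clean_html: str, payload: bytes) -> str:
    """Constructed test fixture only: append one 8-character whitespace run
    (tab = 1, space = 0) to each line until the payload is exhausted.
    The bit mapping is an assumption for this example."""
    lines = clean_html.splitlines()
    bit_groups = [format(b, "08b") for b in payload]
    if len(bit_groups) > len(lines):
        raise ValueError("payload needs more lines than the cover document has")
    out = []
    for i, line in enumerate(lines):
        if i < len(bit_groups):
            line += "".join("\t" if bit == "1" else " " for bit in bit_groups[i])
        out.append(line)
    return "\n".join(out) + "\n"


def trailing_runs(html: str) -> List[str]:
    """Every trailing whitespace run in the document, in order."""
    return TRAILING_WS.findall(html)


def extract_hidden_bytes(html: str) -> bytes:
    """Forensic extraction: read every trailing run as tab=1/space=0 bits and
    pack whole bytes so an analyst can inspect what the channel carried."""
    bits = "".join("1" if ch == "\t" else "0"
                   for run in trailing_runs(html) for ch in run)
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def analyse(html: str, min_run: int = 8, threshold: float = 0.2) -> Dict[str, object]:
    """Score a document by the share of lines ending in a long whitespace run.
    Ordinary authoring tools rarely leave such runs on many lines, so a high
    share is worth a closer look. Threshold values are assumptions."""
    lines = html.splitlines()
    total = len(lines) or 1
    long_runs = [r for r in trailing_runs(html) if len(r) >= min_run]
    score = len(long_runs) / total
    return {
        "lines": len(lines),
        "long_runs": len(long_runs),
        "score": round(score, 3),
        "flagged": score >= threshold,
        "hidden_bytes": extract_hidden_bytes(html) if long_runs else b"",
    }


# Constructed sample documents: a clean page and the same page carrying a
# short hidden string in its trailing whitespace.
CLEAN_HTML = "".join(f"<p>Paragraph {i}</p>\n" for i in range(16))
STEGO_HTML = build_fixture(CLEAN_HTML, b"cmd:beacon")


if __name__ == "__main__":
    for name, doc in (("clean", CLEAN_HTML), ("stego", STEGO_HTML)):
        print(name, analyse(doc))
```

Note that the clean page and the stego page render identically in a browser, which is exactly why the channel is hard to spot in traffic; the detector works on the raw bytes, not on the rendered output, and the threshold should be tuned against a baseline of the organisation's own normal HTML.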
The researchers examined a component capable of downloading files to the device and noticed that it behaved unusually, for example by accessing the public cloud service Dropbox and by being programmed to run only at certain times.
The researchers realized this was meant to hide the malware's activity: it carried out its malicious processes during normal working hours, so that downloading files, saving data files and transferring confidential data from the source device would blend in with ordinary use.
Alexey Shulmin, security researcher at Kaspersky Lab, described the Platinum campaigns as meticulous and diligent, noting that the malware used in this attack is no exception.
He said: "Regardless of the fact that the group resorted to steganography, it had other advantages that allowed it to stay away from security controls for a long time."
He added: "This malware can receive commands from the command center and also from one infected device to another, and in this way reach machines that were part of the same infrastructure but not connected to the internet, such as safety-critical devices."
The researcher concluded: "The use of information-hiding methods in malware is a sign of the increasing sophistication of Advanced Persistent Threat methods, aimed at evading oversight, and security companies should take this into account when developing security solutions."
Kaspersky Lab recommends taking the following measures to reduce the risk of falling victim to advanced cyber-espionage operations:
- Train staff in security awareness and in ways to recognize potentially malicious applications or files; employees should not download any application from untrusted or unknown sources.
- Employ specialized solutions, such as Kaspersky Endpoint Detection and Response, to detect threats at the endpoint level and to investigate and handle them in a timely manner.
- Employ a corporate security solution capable of detecting advanced threats at the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform.
- Give the security operations center team access to the latest threat intelligence, and keep abreast of the new and emerging tools, techniques and methods used by threat actors.