Friday, April 16, 2021

One of the world’s most advanced hacking groups debuts new Titanium backdoor, Ars Technica



Malware hides at every step by mimicking common software in long multi-stage execution.






One of the world’s most technologically advanced hacking groups has a new backdoor that’s every bit as sophisticated as its creators.

Dubbed Titanium by the Kaspersky Lab security researchers who discovered it, the malware is the final payload delivered in a long and convoluted attack sequence. The attack chain uses a host of clever tricks to evade antivirus protection. Those tricks include encryption, mimicking of common device drivers and software, memory-only infections, and a series of droppers that execute the malicious code in a multi-staged sequence. Yet another means of staying under the radar is hidden data delivered steganographically in a PNG image.
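The steganographic delivery mentioned above, shown as an added illustration that is not Kaspersky’s or Platinum’s code and not the specific encoding Titanium uses (the article does not detail it): a minimal PNG writer and parser with least-significant-bit embedding of a length-prefixed payload in the pixel bytes, plus the matching extractor. The cover image, its dimensions and the payload are all constructed here. The point a defender should take from it is that the carrier stays a structurally valid PNG (correct chunks, correct CRCs, no trailing data), so a checker that only validates file structure will not notice it.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
WIDTH, HEIGHT = 32, 16                      # constructed cover dimensions
PAYLOAD = b"constructed stage marker, not real Titanium data"  # constructed payload


def _chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def write_png(width, height, rgb_rows):
    """Encode 8-bit RGB rows (each width*3 bytes) as a valid, non-interlaced PNG."""
    raw = b"".join(b"\x00" + row for row in rgb_rows)   # filter type 0 (None) per scanline
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def read_png(data):
    """Parse the subset of PNG this example writes (8-bit RGB, filter 0), verifying every CRC."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos, width, height, idat = 8, None, None, b""
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise ValueError("bad CRC in %r chunk" % ctype)
        if ctype == b"IHDR":
            width, height, depth, colour, _c, _f, _i = struct.unpack(">IIBBBBB", body)
            if depth != 8 or colour != 2:
                raise ValueError("example supports 8-bit RGB only")
        elif ctype == b"IDAT":
            idat += body
        elif ctype == b"IEND":
            break
        pos += 12 + length
    raw = zlib.decompress(idat)
    stride = width * 3
    rows = []
    for y in range(height):
        off = y * (stride + 1)
        if raw[off] != 0:
            raise ValueError("example supports filter type 0 only")
        rows.append(raw[off + 1:off + 1 + stride])
    return width, height, rows


def make_cover(width=WIDTH, height=HEIGHT):
    """Constructed gradient cover image: a list of RGB rows."""
    return [bytes(((x * 7 + y * 13 + c * 31) & 0xFF) for x in range(width) for c in range(3))
            for y in range(height)]


def embed(rgb_rows, payload):
    """Write a 4-byte big-endian length plus payload into the LSB of consecutive pixel bytes."""
    framed = struct.pack(">I", len(payload)) + payload
    bits = [(b >> (7 - i)) & 1 for b in framed for i in range(8)]
    flat = bytearray(b"".join(rgb_rows))
    if len(bits) > len(flat):
        raise ValueError("payload too large for cover image capacity")
    for i, bit in enumerate(bits):
        flat[i] = (flat[i] & 0xFE) | bit
    stride = len(rgb_rows[0])
    return [bytes(flat[y * stride:(y + 1) * stride]) for y in range(len(rgb_rows))]


def extract(rgb_rows):
    """Read the length prefix from the first 32 LSBs, then that many bytes after it."""
    flat = b"".join(rgb_rows)

    def read_bytes(count, start_bit):
        out = bytearray()
        for k in range(count):
            v = 0
            for i in range(8):
                v = (v << 1) | (flat[start_bit + k * 8 + i] & 1)
            out.append(v)
        return bytes(out)

    (n,) = struct.unpack(">I", read_bytes(4, 0))
    if 32 + n * 8 > len(flat):
        raise ValueError("length field exceeds image capacity; not a carrier or corrupted")
    return read_bytes(n, 32)


def demo():
    """Full round trip: embed, serialise to PNG bytes, parse back, extract. Returns the recovered payload."""
    stego_rows = embed(make_cover(), PAYLOAD)
    png_bytes = write_png(WIDTH, HEIGHT, stego_rows)
    _w, _h, rows = read_png(png_bytes)
    return extract(rows)


if __name__ == "__main__":
    print(demo())
```

In a real loader the bytes pulled out of the image are themselves encrypted, so the extractor alone yields nothing readable; the practical detection angle is the process that opens an image and then decrypts and executes what it read, not the image file on disk.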

Named after a password used to encrypt a malicious archive, Titanium was developed by Platinum, a so-called advanced persistent threat group that focuses hacks on the Asia-Pacific region, most likely on behalf of a nation.

“The Titanium APT has a very complicated infiltration scheme,” Kaspersky Lab researchers wrote in a post. “It involves numerous steps and requires good coordination between all of them. In addition, none of the files in the file system can be detected as malicious due to the use of encryption and fileless technologies. One other feature that makes detection harder is the mimicking of well-known software.”

Titanium uses several different methods to initially infect its targets and spread from computer to computer. One is a local intranet that has already been compromised with malware. Another vector is an SFX archive containing a Windows installation task. A third is shellcode that gets injected into the winlogon.exe process (it’s still unknown how this happens). The end result is a stealthy and full-featured backdoor that can:

  • Read any file from a file system and send it to an attacker-controlled server
  • Drop a file onto or delete it from the file system
  • Drop a file and run it
  • Run a command line and send execution results to the attacker’s control server
  • Update configuration parameters (except the AES encryption key)

Platinum has been operating since at least 2009, according to a detailed report Microsoft published in 2016. The group is primarily focused on the theft of sensitive intellectual property related to government interests. Platinum often relies on spear phishing and zero-day exploits.

Interestingly, Kaspersky Lab says it has yet to detect any current activity related to Titanium. It’s not clear if that’s because the malware isn’t in use or if it’s just too hard to detect infected computers.


