User:Strombetta20/sandbox

PLATINUM is the name given by Microsoft to an intrusion group active against governments and related organizations in South and Southeast Asia. The group is secretive and little is known about its members. Its tradecraft has allowed some of its intrusions to go undetected for years.

The group, considered an advanced persistent threat, has been active since at least 2009. It gains initial access through spear-phishing aimed at government officials' private email addresses and through zero-day exploits, and it has abused the Windows hotpatching feature to inject its code into running processes without tripping conventional process-injection detections. Once on a victim's computer, the group steals economically sensitive information.

In June 2017, Microsoft reported that PLATINUM had begun using the Serial-over-LAN (SOL) channel of Intel Active Management Technology (AMT) to move files between compromised machines and exfiltrate data over a path that bypasses the host operating system's network stack.

=PLATINUM's Malware=

Microsoft's Windows Defender Advanced Threat Hunting team released a report which outlines some of PLATINUM's activities and methods. Among its less common tactics are attacks on web plugins: in 2009 the group used a website that provided an email service to infiltrate the computers of several Indian government officials. Once in control of a target's computer, the group moves through the network using custom-built malware, which is believed to be written either by one of the several development teams the group is thought to have or obtained from an outside supplier.

Because of the range of this malware, and because the tools share little code, Microsoft has grouped them into families. The most widely used family is the backdoor Microsoft named Dipsind. Such a backdoor can install a keylogger, software that records every keystroke typed on the machine (keystroke logging), so that credentials and other typed secrets can be collected.

PLATINUM also uses other malware families such as JPIN, which installs itself under the user's %APPDATA% directory. From there it can gather system information, load a keylogger, download files and updates, and extract files that may contain sensitive information.

Adbupd is another backdoor similar to the two families above. It is notable for its plugin support, which lets the operators extend it with capabilities tailored to a particular target environment rather than shipping a single fixed tool.

With such ambitious operations, PLATINUM needs a way to cover its tracks and remain undetected, and so far it has succeeded in keeping a low profile, staying out of the news until its abuse of Windows hotpatching was reported. Hotpatching is a legitimate Windows mechanism, introduced in Windows Server 2003 and removed in Windows 8, that lets Microsoft update the code of running processes (for example to apply a security fix) without rebooting the system. PLATINUM repurposed it to inject malicious code into legitimate running processes, so that the code executes inside trusted processes and avoids the process-injection API calls that antivirus and endpoint monitoring tools typically watch. The technique requires administrator rights on the target and only works on Windows versions that still support hotpatching, so it is a stealth mechanism for an attacker who already has a foothold, not an initial-access exploit.

=Intel AMT abuse=

More recently, Microsoft discovered that PLATINUM had begun to abuse a feature of Intel Active Management Technology (AMT), the out-of-band management system built into Intel vPro chipsets. The feature in question is AMT Serial-over-LAN (SOL), which gives a remote operator a virtual serial console to a system and works independently of the host operating system, even when no operating system is running. Because SOL traffic is handled by the management hardware rather than by the operating system's network stack, it is invisible to the host firewall and to host-based monitoring tools. PLATINUM did not exploit a vulnerability in AMT: it used the SOL channel on machines it had already compromised, where it had the administrator access needed to enable the feature. The traffic still crosses the network, so it can be observed there, and Microsoft added detections for this activity to Windows Defender Advanced Threat Protection.
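The practical consequence of the passage above is that host-side telemetry cannot see SOL traffic, so detection has to move to the network. The following is an added example, not code from the original page or from Microsoft's report: it scans constructed flow records for connections to Intel AMT's documented listening ports (16992 and 16993 for the web interface and WS-Management, 16994 and 16995 for SOL/IDE-R redirection) and flags any peer that is not on a hypothetical allow-list of the organisation's legitimate AMT management consoles. The console address, the sample flows and the record format are assumptions made for the example.

```python
import re
from collections import defaultdict

# Intel AMT's documented listening ports on a managed host.
AMT_PORTS = {
    16992: "amt-http",       # web UI / WS-Management, plaintext
    16993: "amt-https",      # web UI / WS-Management over TLS
    16994: "amt-redir",      # SOL / IDE-R redirection, plaintext
    16995: "amt-redir-tls",  # SOL / IDE-R redirection over TLS
}

# Hypothetical allow-list: the organisation's legitimate AMT management console(s).
# Any other host talking to AMT ports is worth investigating.
KNOWN_CONSOLES = {"10.0.0.5"}

# Constructed sample flow records: "<timestamp> <src>:<sport> > <dst>:<dport> <bytes>".
# 10.0.1.77 is a workstation that should never act as an AMT console.
SAMPLE_FLOWS = """\
2017-06-07T10:01:02Z 10.0.0.5:51000 > 10.0.1.20:16992 4120
2017-06-07T10:05:44Z 10.0.1.77:40211 > 10.0.1.20:16994 983201
2017-06-07T10:06:10Z 10.0.1.20:49152 > 203.0.113.9:443 1800
2017-06-07T10:07:00Z 10.0.1.77:40212 > 10.0.1.21:16994 774019
2017-06-07T10:08:30Z 10.0.0.5:51004 > 10.0.1.21:16993 2200
this line is not a flow record
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<bytes>\d+)\s*$"
)


def parse_flow(line):
    """Parse one flow record; return None for lines that do not match the format."""
    m = FLOW_RE.match(line)
    if not m:
        return None
    return {
        "ts": m.group("ts"),
        "src": m.group("src"),
        "sport": int(m.group("sport")),
        "dst": m.group("dst"),
        "dport": int(m.group("dport")),
        "bytes": int(m.group("bytes")),
    }


def find_amt_flows(log_text, known_consoles=KNOWN_CONSOLES):
    """Return flows to an AMT port whose source is not a known management console."""
    alerts = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        service = AMT_PORTS.get(flow["dport"])
        if service is None or flow["src"] in known_consoles:
            continue
        alerts.append({**flow, "service": service})
    return alerts


def summarise_by_source(alerts):
    """Aggregate alerts per source host: flow count, bytes moved and targets touched.

    A non-console host reaching the redirection port on several machines and
    moving a lot of data is the pattern a SOL-based file transfer would leave."""
    summary = defaultdict(lambda: {"flows": 0, "bytes": 0, "targets": set()})
    for a in alerts:
        s = summary[a["src"]]
        s["flows"] += 1
        s["bytes"] += a["bytes"]
        s["targets"].add(a["dst"])
    return dict(summary)


if __name__ == "__main__":
    alerts = find_amt_flows(SAMPLE_FLOWS)
    for a in alerts:
        print(f'{a["ts"]} {a["src"]} -> {a["dst"]}:{a["dport"]} ({a["service"]}) {a["bytes"]} bytes')
    for src, s in summarise_by_source(alerts).items():
        print(f"{src}: {s['flows']} flows, {s['bytes']} bytes, targets={sorted(s['targets'])}")
```

The allow-list is what makes this usable: AMT ports are legitimately busy in any environment that provisions AMT, so the signal is not "AMT traffic" but "AMT traffic from a host that is not the management console". Bytes per source matter too, because SOL is a slow serial channel and a large transfer over it stands out against the small, short sessions a real console generates.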

=Security=

Microsoft advises users to apply all security updates to minimize exploitable vulnerabilities and to keep highly sensitive data off large, flat networks. Because the group's SOL channel bypasses host-based defences, monitoring AMT traffic at the network level complements those host controls. Because PLATINUM targets organizations, companies and government branches to acquire sensitive information and trade secrets, anyone working in or with such organizations can be a target for the group.