Express Computer
Home  »  Security  »  Hacking group uses steganography to fly under security radar

Hacking group uses steganography to fly under security radar

Steganography is the practice of transferring data in a concealed format where the very fact that data is being sent is disguised

0 188

Kaspersky researchers have uncovered a highly sophisticated cyberespionage campaign aimed at stealing information from South Asian diplomatic, government and military entities. The campaign lasted almost six years and had ties to other recent attacks detected in the region. Further investigation into the tools and methods used in the campaign led researchers to the conclusion that the attacker behind it is the PLATINUM group – a cyberespionage actor that they thought had gone.

For the activity to remain unseen for such a long time, the group encoded its information using a technique called steganography, which conceals the fact that there is any information there at all.
Security researchers have been warning about the dangers of steganography for a while now.

Steganography is the practice of transferring data in a concealed format where the very fact that data is being sent is disguised. In this way it differs from cryptography, which only conceals the data. By using steganography, cyberespionage actors can remain in an infected system for a very long time without arousing any suspicion. This was the method used by the PLATINUM group, a cyberthreat collective acting against governments and related organizations in South and Southeast Asia, whose last known activity had been reported back in 2017.

In the case of the newly discovered PLATINUM operation, the malware commands were embedded in the HTML-code of a website. The ‘tab’ and ‘space bar’ keys on a keyboard do not change how HTML-code is reflected on a web-page, so the threat actors encoded the commands in a specific sequence of these two keys. As a result, the commands were almost impossible to detect in the network traffic, as the malware merely appeared to access an unsuspicious website that was unnoticeable in the overall traffic.

To detect the malware, researchers had to check programs that were capable of uploading files to the device. Among them, the experts noticed one that acted strangely – for instance, it accessed the public cloud service Dropbox for administration and was programmed to work only at certain times. The researchers later realized this was done to hide the malware activity among processes operating during normal working hours, when its behavior wouldn’t arouse suspicion. In fact the downloader was exfiltrating and uploading data and files to and from the infected device.

“Throughout its known existence, PLATINUM’s campaigns have been elaborate and thoroughly crafted. The malware used in this attack is no exception – apart from the steganography, it had other features that allowed it to fly and operate under the radar for a long time. For example, it could transfer commands not only from the command center, but also from one infected machine to another. In this way, they could reach devices that were part of the same infrastructure as the attacked devices, but which were not connected to the internet. All in all, seeing threat actors like PLATINUM implementing steganography is a sign that advanced persistent threats are increasing the sophistication of their methods significantly to fly under the radar, and security vendors should keep it in mind when developing their security soultions,” said Alexey Shulmin, security researcher at Kaspersky.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image