Tram Ho
Steganography, a code hiding technique, lets attackers conceal malware directly in a website in a way that is almost undetectable, so an attack can continue for years without anyone noticing.
In network security, researchers have repeatedly warned about the danger of code hiding techniques, also known as steganography. Steganography is a covert way of conveying a message so that no one except the sender and the receiver even knows the message exists. Cryptography, by contrast, only hides the content of a message; outsiders can still see that a message exists.
The danger of this technique is that attackers can keep a system compromised for a long time without raising suspicion. It has been used by the PLATINUM group, which targets governments and related organizations in South Asia and Southeast Asia. The group's last known activity was in 2017.
The group was thought to have stopped operating, but recently, when Kaspersky researchers discovered and investigated a highly sophisticated cyber attack campaign that stole information from diplomatic organizations, governments and military bodies in South Asia, they concluded that the attacker behind the campaign was PLATINUM.
In PLATINUM's operations, the malware's commands are embedded in the HTML code of a website. Because "tab" and "space" characters do not change how HTML is displayed in the browser, the group encodes its commands as specific sequences of these two characters. As a result, the commands are almost impossible to spot in data passing over the network.
To detect the malware, researchers had to check for programs that could upload files from the device. In the process, they noticed unusual activity: a program accessing Dropbox, and only at certain times. The researchers later realized that the purpose was to hide the malware's activity within office hours, when it would not be suspected.
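The two observations above (whitespace sequences hidden in HTML, and uploads that recur in a narrow time window) suggest two simple defensive checks. The script below is an added example, not code from the article or from Kaspersky. It assumes a payload convention of tab=1 / space=0 with 8 bits per byte (the article does not state PLATINUM's actual scheme), a constructed proxy-log format, an assumed list of cloud-storage hostnames, and chosen thresholds; the sample HTML and log lines are constructed for illustration.

```python
"""Two defensive checks inspired by the PLATINUM case (added example).

1. find_suspicious_runs: flag runs of tabs/spaces in HTML that are trailing
   or mix both characters, and decode them under the tab=1/space=0 assumption
   so an analyst can see whether they carry text.
2. flag_narrow_windows: flag (host, process) pairs whose cloud uploads recur
   over several days but always inside a narrow time-of-day window.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# ---------- 1. whitespace runs in HTML ----------
MIN_RUN = 8                      # chosen threshold, not from the article
RUN_RE = re.compile(r"[ \t]{%d,}" % MIN_RUN)

def _encode(text: str) -> str:
    """Build the constructed sample: tab=1, space=0, 8 bits per byte (assumption)."""
    bits = "".join(f"{b:08b}" for b in text.encode())
    return "".join("\t" if bit == "1" else " " for bit in bits)

# Constructed page: line 3 has a trailing run encoding "run"; line 5 has a
# mixed tab/space run inside a tag; line 6 is ordinary space indentation.
SAMPLE_HTML = (
    "<html>\n"
    "<body>\n"
    "<p>Hello</p>" + _encode("run") + "\n"
    "<p>Normal line</p>\n"
    "<div" + "  \t \t  \t " + "class='x'>ok</div>\n"
    "        <p>8 leading spaces is ordinary indentation</p>\n"
    "</body>\n"
    "</html>\n"
)

def decode_run(run: str) -> bytes:
    """Decode a tab/space run as bits (tab=1, space=0), dropping a partial byte."""
    bits = "".join("1" if ch == "\t" else "0" for ch in run)
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))

def find_suspicious_runs(html: str):
    """Return one finding per run that is trailing or mixes tabs and spaces."""
    findings = []
    for lineno, line in enumerate(html.splitlines(), start=1):
        for m in RUN_RE.finditer(line):
            run = m.group()
            trailing = m.end() == len(line)
            mixed = "\t" in run and " " in run
            if m.start() == 0 and not mixed:
                continue            # plain indentation is normal in HTML
            if trailing or mixed:
                findings.append({
                    "line": lineno, "length": len(run),
                    "counts": dict(Counter(run)),
                    "trailing": trailing, "mixed": mixed,
                    "decoded": decode_run(run),
                })
    return findings

# ---------- 2. uploads clustered in a narrow recurring window ----------
CLOUD_HOSTS = {"content.dropboxapi.com", "api.dropboxapi.com"}   # assumed list
LOG_RE = re.compile(
    r"(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) method=(?P<method>\S+) "
    r"dst=(?P<dst>\S+) bytes=(?P<bytes>\d+)"
)

# Constructed log (format assumed): updater.exe uploads only around 09:00
# on four days; Dropbox.exe uploads are spread across the day.
SAMPLE_LOG = """\
2019-06-03T09:15:02Z host=ws12 proc=updater.exe method=PUT dst=content.dropboxapi.com bytes=20480
2019-06-03T09:47:11Z host=ws12 proc=updater.exe method=PUT dst=content.dropboxapi.com bytes=18231
2019-06-04T09:02:39Z host=ws12 proc=updater.exe method=PUT dst=content.dropboxapi.com bytes=22110
2019-06-05T09:30:05Z host=ws12 proc=updater.exe method=PUT dst=content.dropboxapi.com bytes=19001
2019-06-06T09:12:44Z host=ws12 proc=updater.exe method=PUT dst=content.dropboxapi.com bytes=20990
2019-06-03T08:10:00Z host=ws12 proc=Dropbox.exe method=PUT dst=content.dropboxapi.com bytes=500
2019-06-03T12:40:00Z host=ws12 proc=Dropbox.exe method=PUT dst=content.dropboxapi.com bytes=900
2019-06-03T16:05:00Z host=ws12 proc=Dropbox.exe method=PUT dst=content.dropboxapi.com bytes=1200
2019-06-04T10:20:00Z host=ws12 proc=Dropbox.exe method=PUT dst=content.dropboxapi.com bytes=700
2019-06-04T14:55:00Z host=ws12 proc=Dropbox.exe method=PUT dst=content.dropboxapi.com bytes=650
2019-06-03T09:20:00Z host=ws12 proc=chrome.exe method=GET dst=www.example.com bytes=4000
"""

def parse_log(text: str):
    """Parse lines in the assumed format; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        d["bytes"] = int(d["bytes"])
        records.append(d)
    return records

def cloud_uploads(records):
    return [r for r in records if r["method"] == "PUT" and r["dst"] in CLOUD_HOSTS]

def flag_narrow_windows(records, min_events=4, min_days=3, max_span_hours=1.0):
    """Flag (host, proc) whose uploads span several days but sit in one narrow
    time-of-day window; thresholds are chosen for the example."""
    by_key = defaultdict(list)
    for r in cloud_uploads(records):
        by_key[(r["host"], r["proc"])].append(r["ts"])
    flagged = {}
    for key, stamps in by_key.items():
        days = {t.date() for t in stamps}
        if len(stamps) < min_events or len(days) < min_days:
            continue
        hours = [t.hour + t.minute / 60 for t in stamps]
        if max(hours) - min(hours) <= max_span_hours:
            flagged[key] = {"events": len(stamps), "days": len(days),
                            "window": (min(hours), max(hours))}
    return flagged

if __name__ == "__main__":
    for f in find_suspicious_runs(SAMPLE_HTML):
        print(f)
    print(flag_narrow_windows(parse_log(SAMPLE_LOG)))
```

The whitespace check produces a shortlist rather than a verdict: trailing spaces also come from editors, so the decoded bytes and the tab/space counts are there to help an analyst decide whether a run looks like text. The timing check keys on regularity rather than on a process name, which is the property the researchers noticed in the Dropbox activity.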
Alexey Shulmin, a security researcher at Kaspersky, said: "Throughout its existence, PLATINUM's campaigns have been carefully planned. The malware used in this attack is no exception: in addition to code hiding techniques, other features allow it to operate and bypass security radar for a long time."
"For example, it has the ability to relay commands not only from the command center but also from the infected machine to another machine. In this way, it can access devices on the same infrastructure as the hacked device (even when they are disconnected from the internet)."
"Detecting threat actors like PLATINUM using code hiding techniques is a sign that threats are becoming more sophisticated, and security solution providers need to pay close attention to this in the process of developing our security products."
Therefore, to avoid becoming a victim of such an attack, users are advised not to download or run any applications or programs from untrusted senders, and to install security software on their computers that can detect the attack early.
Source : Genk