Group: PLATINUM

PLATINUM (Group)
ID: G0068
Aliases: PLATINUM
Contributors: Ryan Becwar

PLATINUM is an activity group that has targeted victims since at least 2009. The group has focused on targets associated with governments and related organizations in South and Southeast Asia.[1]

Alias Descriptions

  • PLATINUM - [1]

Techniques Used

  • Spearphishing Attachment - PLATINUM has sent spearphishing emails with attachments to victims as its primary initial access vector.[1]
  • Drive-by Compromise - PLATINUM has sometimes used drive-by attacks against vulnerable browser plugins.[1]
  • Credential Dumping - PLATINUM has used keyloggers that are also capable of dumping credentials.[1]
  • Process Injection - PLATINUM has used various methods of process injection including hot patching.[1]
  • Hooking - PLATINUM is capable of using Windows hook interfaces for information gathering such as credential access.[1]
  • Remote File Copy - PLATINUM has transferred files using the Intel® Active Management Technology (AMT) Serial-over-LAN (SOL) channel.[2]
  • User Execution - PLATINUM has attempted to get users to open malicious files by sending spearphishing emails with attachments to victims.[1]

Software