The Platinum APT (Advanced Persistent Threat) has been active since it was first spotted in 2009. The group appears to operate mainly in the Asia-Pacific region, targeting political organizations and high-ranking officials there. Cybersecurity researchers therefore suspect that a government in the region funds Platinum's operations, although this remains speculation for now.
Titanium Makes Sure to Remain under the Radar of Security Tools
The Platinum group has recently deployed a new tool named Titanium. Titanium is a complex backdoor Trojan with a long list of capabilities, and its self-preservation features are notable: it can detect malware analysis and debugging environments, anti-malware tools and various other security features. Platinum appears to use several different infection vectors to deliver the Titanium backdoor. Its operators have designed the threat to operate very quietly so that it stays under the victim's radar. To remain undetected, Titanium injects most of its modules directly into the memory of the compromised host and writes very few files to disk, which leaves little for disk-based anti-malware scanners to inspect. The malicious code is delivered through a loader rather than dropped as a plain executable, and the payload itself is heavily obfuscated and encrypted, which further reduces the chances that anti-virus tools will recognise it. The practical consequence for defenders is that detection has to rely on behaviour (process injection, unexpected network connections from otherwise legitimate processes) and on memory scanning rather than on file signatures alone.
Once Titanium has infiltrated the targeted host, its operators can use it as an espionage tool and as a foothold for planting additional threats on the infected system. After compromising a computer, Titanium establishes a connection to the attackers' C&C (Command & Control) server and waits for commands. Titanium is able to:
- Modify the system files on the computer.
- Download files from the Web.
- Execute files from the Web.
- Execute files received from its operators’ C&C server.
- Read files on the system.
- Exfiltrate files to its operators’ C&C server.
- Execute remote commands.
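Since Titanium injects its modules into memory, writes almost nothing to disk and then beacons to a C&C server, file signatures are of little use; what a defender can look for is the combination of behaviours described above, namely a process being injected into and that same process shortly afterwards opening an outbound connection. The script below is an added illustration of that correlation and is not code from the original article or from any vendor's Titanium research. It runs over a handful of constructed Sysmon-style JSON events (EventID 8, CreateRemoteThread, and EventID 3, NetworkConnect); the process names, PIDs, paths and IP addresses are invented for the example, and the 15-minute window is an arbitrary tuning choice.

```python
"""Correlate remote-thread injection with a later outbound connection
from the injected process.  Added example; the events below are constructed
to resemble Sysmon field names and are not real telemetry."""
import json
from datetime import datetime, timedelta

# Constructed sample log (JSON lines).  EventID 8 = CreateRemoteThread,
# EventID 3 = NetworkConnect.  Paths and addresses are invented.
SAMPLE_LOG = r"""
{"EventID": 3, "UtcTime": "2024-01-01 10:00:05", "ProcessId": 5000, "Image": "C:\\Program Files\\Browser\\browser.exe", "DestinationIp": "198.51.100.20", "DestinationPort": 443, "Initiated": true}
{"EventID": 8, "UtcTime": "2024-01-01 10:01:10", "SourceProcessId": 6120, "SourceImage": "C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe", "TargetProcessId": 4120, "TargetImage": "C:\\Windows\\explorer.exe"}
{"EventID": 3, "UtcTime": "2024-01-01 10:01:42", "ProcessId": 4120, "Image": "C:\\Windows\\explorer.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 443, "Initiated": true}
{"EventID": 8, "UtcTime": "2024-01-01 10:05:00", "SourceProcessId": 6120, "SourceImage": "C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe", "TargetProcessId": 7700, "TargetImage": "C:\\Windows\\System32\\notepad.exe"}
{"EventID": 3, "UtcTime": "2024-01-01 12:30:00", "ProcessId": 7700, "Image": "C:\\Windows\\System32\\notepad.exe", "DestinationIp": "203.0.113.11", "DestinationPort": 80, "Initiated": true}
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_events(log_text):
    """Parse JSON lines into dicts, attach a datetime, and sort by time."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["_time"] = datetime.strptime(event["UtcTime"], TIME_FORMAT)
        events.append(event)
    events.sort(key=lambda e: e["_time"])
    return events


def find_injection_beacons(events, window=timedelta(minutes=15)):
    """Flag outbound connections made by a process that received a remote
    thread within `window` beforehand.  The window also limits false
    matches caused by PID reuse."""
    injected = {}  # target PID -> most recent EventID 8 that hit it
    alerts = []
    for event in events:
        if event["EventID"] == 8:
            injected[event["TargetProcessId"]] = event
        elif event["EventID"] == 3 and event.get("Initiated"):
            injection = injected.get(event["ProcessId"])
            if injection is None:
                continue  # no known injection into this process
            delay = event["_time"] - injection["_time"]
            if delay > window:
                continue  # too old to correlate confidently
            alerts.append({
                "target_pid": event["ProcessId"],
                "target_image": event["Image"],
                "injector_image": injection["SourceImage"],
                "destination": f'{event["DestinationIp"]}:{event["DestinationPort"]}',
                "seconds_after_injection": int(delay.total_seconds()),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_injection_beacons(parse_events(SAMPLE_LOG)):
        print(json.dumps(alert, indent=2))
```

On the constructed input only the explorer.exe connection is flagged: the browser was never injected into, and the notepad.exe connection falls well outside the window. Two caveats apply in practice. EventID 8 only covers CreateRemoteThread-style injection; techniques such as APC queueing or process hollowing need other telemetry (Sysmon EventID 10 process access, or an EDR's memory scanning). And the correlation is a hunting lead, not proof: some legitimate software does create remote threads, so the injector image and the destination should be checked before acting on an alert.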
The Platinum APT remains an active and dangerous group, and who it works for and what its end goal is have yet to be established.