Sneaky hackers use Intel management tools to bypass Windows firewall

June 9, 2017

When you’re a bad guy breaking into a network, the first problem you need to solve is, of course, getting into the remote system and running your malware on it. But once you’re there, the next challenge is usually to make sure that your activity is as hard to detect as possible. Microsoft has detailed a neat technique used by a group in Southeast Asia that abuses legitimate management tools to evade firewalls and other endpoint-based network monitoring.

The group, which Microsoft has named PLATINUM, has developed a system for sending files—such as new payloads to run and new versions of their malware—to compromised machines.

Read More on ArsTechnica