Microsoft: Platinum uses Intel AMT to make network traffic invisible

Posted on Thursday, June 08 2017 @ 18:21 CEST by Thomas De Maesschalck
Microsoft has provided details about a new hacking technique used by Platinum. The hacker group is now using Active Management Technology (AMT), a feature of Intel processors, to make the network traffic that it generates invisible to firewall and network monitoring software running on the host device. This is the first case of malware abusing the controversial AMT feature.
Since the 2016 publication, Microsoft has come across an evolution of PLATINUM’s file-transfer tool, one that uses the Intel® Active Management Technology (AMT) Serial-over-LAN (SOL) channel for communication. This channel works independently of the operating system (OS), rendering any communication over it invisible to firewall and network monitoring applications running on the host device. Until this incident, no malware had been discovered misusing the AMT SOL feature for communication.

Upon discovery of this unique file-transfer tool, Microsoft shared information with Intel, and the two companies collaborated to analyze and better understand the purpose and implementation of the tool. We confirmed that the tool did not expose vulnerabilities in the management technology itself, but rather misused AMT SOL within target networks that have already been compromised to keep communication stealthy and evade security applications.
Full details at TechNet. AMT is found on Intel vPro CPUs and chipsets and is used to remotely manage systems.
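
Because the SOL channel bypasses the host operating system, it has to be watched from the network rather than from the endpoint. The following is an added example, not code from Microsoft's write-up or from this article: it flags flows to the Intel AMT redirection ports (TCP 16994 and 16995, the service that carries SOL) when they come from anything other than a known management console. The flow-record format, the addresses and the allowlist are constructed assumptions.

```python
import csv
import io
import ipaddress

# Intel AMT redirection service (carries SOL and IDE-R): TCP 16994, TLS on 16995.
AMT_REDIRECTION_PORTS = {16994: "redirection", 16995: "redirection-tls"}

# Constructed sample: flow records as an off-host network sensor might export them.
SAMPLE_FLOWS = """\
ts,src,dst,dport,proto,bytes
2017-06-08T10:00:01,10.0.5.10,10.0.20.31,16995,tcp,4120
2017-06-08T10:02:44,10.0.20.77,10.0.20.31,16994,tcp,981233
2017-06-08T10:03:10,10.0.20.77,10.0.20.40,443,tcp,5120
2017-06-08T10:05:59,10.0.20.77,10.0.20.45,16994,udp,60
2017-06-08T10:06:12,not-an-ip,10.0.20.45,16994,tcp,60
"""


def find_unexpected_sol_flows(flow_csv, mgmt_consoles):
    """Return TCP flows to AMT redirection ports whose source is not an
    approved management console (mgmt_consoles: list of IPs or CIDR ranges)."""
    allowed = [ipaddress.ip_network(n) for n in mgmt_consoles]
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            port = int(row["dport"])
            src = ipaddress.ip_address(row["src"])
        except (KeyError, TypeError, ValueError):
            continue  # malformed record: skip rather than abort the scan
        if (row.get("proto") or "").lower() != "tcp":
            continue
        if port not in AMT_REDIRECTION_PORTS:
            continue
        if any(src in net for net in allowed):
            continue  # expected: IT management console using AMT
        findings.append({
            "ts": row["ts"], "src": row["src"], "dst": row["dst"],
            "service": AMT_REDIRECTION_PORTS[port], "bytes": row["bytes"],
        })
    return findings


if __name__ == "__main__":
    # 10.0.5.10 is the (assumed) legitimate AMT management console.
    for hit in find_unexpected_sol_flows(SAMPLE_FLOWS, ["10.0.5.10/32"]):
        print("unexpected AMT redirection flow:", hit)
```
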


About the Author

Thomas De Maesschalck

Thomas has been messing with computers since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.


