Cyberespionage group abuses Windows hotpatching mechanism for malware stealth
A cyberespionage group active in Asia has been abusing a legitimate Windows feature known as hotpatching to hide its malware from security products more effectively.
The group, which malware researchers from Microsoft call Platinum, has been active since at least 2009 and has primarily targeted government organizations, defense institutes, intelligence agencies and telecommunications providers in South and Southeast Asia, particularly in Malaysia, Indonesia and China.
So far the group's main attack method has been spear phishing, fraudulent emails crafted for specific organizations or individuals, often combined with exploits for previously unknown (zero-day) vulnerabilities that install custom malware. The group places great importance on remaining undetected.