Hackers abuse low-level management feature for invisible backdoor


Intel's AMT used as malware comms channel.

A hacking group has devised a unique technique that allows them to use a low-level Intel systems management feature to create a backdoor for the invisible transfer of files and malware, according to Microsoft security researchers.


The group, called Platinum by Microsoft, has abused the Intel Active Management Technology (AMT) Serial-over-LAN (SoL) feature on vPro processors and chipsets to enable a silent communications channel for malware already planted on servers.

As the Intel AMT SoL feature works independently of, and outside the control of, the computer's operating system, Platinum was able to use it to bypass firewalls and security software that monitor traffic for anomalies.

The feature works even with the network card disabled, Microsoft said.

So far, the file transfer tool has been found only in a dozen systems.

The AMT SoL feature would be difficult to exploit on a larger scale, as it is not enabled by default and requires administrator privileges to be provisioned on workstations.

Microsoft said it is not known whether Platinum provisioned workstations with AMT SoL itself, or piggybacked on the feature having been switched on previously.

Platinum has been active in South East Asia since 2009, and conducts only a small number of targeted campaigns a year using advanced malware and zero-day attacks, Microsoft said [pdf].

The group seeks to steal intellectual property and conduct electronic espionage against governments and related organisations.

Copyright © iTnews.com.au . All rights reserved.