
Platinum Group Unleashes New Titanium Backdoor

5 - 12 November 2019

The Platinum Group is using a new Windows backdoor, dubbed Titanium, to infiltrate and take over target systems.

The advanced persistent threat (APT) group Platinum is using a new Windows backdoor, dubbed Titanium, to infiltrate and take over target systems. Active since at least 2009, Platinum has targeted government, military, and political entities in Asia Pacific, particularly in countries in South and Southeast Asia. Platinum usually employs a multi-step infection sequence to install the Titanium payload, which can bypass simple anti-virus emulation engines. The Titanium backdoor hides in plain sight by masquerading as security solutions, sound drivers, or software commonly used to create DVDs. Titanium can receive commands hidden within PNG files via text steganography and perform a wide range of tasks, including reading and writing any file on the file system, updating configuration parameters, and dropping and executing payloads.

References:

Titanium: The Platinum Group Strikes Again
