Cyber criminals targeting sensitive intellectual property in Asia: Microsoft Report

Cyber attackers carry out highly focused, customized attacks to lure users and access sensitive information rather than finances.

PLATINUM, a targeted activity group, is carrying out opportunistic attacks across South and South-east Asia. The group carries out highly focused attacks seeking to steal sensitive intellectual property related to government interests. Attacks on government targets make up almost half of the group’s attacks, 48.5%. The group has further classified targets as governmental organizations, defense institutes, intelligence agencies, diplomatic institutions, and telecommunication providers.


Vulnerability disclosures across the industry increased 9.4% between the first half of 2015 and the second half of 2015, to above 3,300. The activity group changes its target profiles and attack geographies based on geopolitical seasons, and may attack institutions all over the world, says the Security Intelligence Report.


PLATINUM, the code name given by Microsoft, sends spear-phishing emails to private accounts through private webmail services. It also carries out attacks through malicious tools custom-developed for specific victims. Documents that can attract the interest of a user or a company, such as resumes, have been used as tools by the cyber criminals. The report discusses a case from August 2015 in which Microsoft investigated a malicious document (named Resume.docx) that had been uploaded to the VirusTotal malware analysis service. The document was uploaded through an India-based IP address, as per the report. In a more recent incident from February 2016, PLATINUM was observed using a legitimate website dedicated to news about the Indian government as an infection vector, the study reports.


Microsoft blocked a number of IP addresses from logging into Microsoft consumer cloud services in the second half of 2015 because of fraudulent login attempts. Almost half (49%) of these IP addresses were located in Asia, as per the report.


PLATINUM does not conduct its espionage activity for direct financial gain, but instead uses stolen information for indirect economic advantages. These attacks have been carried out since at least as early as 2009, as per Microsoft.

