Cyber attackers carry highly focused customized attacks to lure users, access sensitive information and not finances.
PLATINUM, a targeted activity group, is carrying opportunistic attacks across South and
Vulnerability disclosures across the industry increased 9.4% between first half of 2015 and second half of 2015, to above 3,300. The activity group changes its target profiles and attack geographies based on geopolitical seasons, and may attack institutions all over the world, says the Security Intelligence Report.
PLATINUM, the code name given by Microsoft, sends spear phishes emails on private accounts through private webmail service. It also carries attacks through custom-developed malicious tools for specific victim. Documents that can lure interest of a user or a corporate such as resumes have been used as tools by the cyber criminals. The report discusses a case, from August 2015 where Microsoft investigated a malicious document (named Resume.docx) that had been uploaded to the VirusTotal malware analysis service. The document was uploaded through an
Microsoft has blocked a number of IP addresses from logging into Microsoft consumer cloud services in second half of 2015 because of fraudent login attempts. Almost half (49%) of these IP addresses were located in
PLATINUM does not conduct its espionage activity to engage in direct financial gain, but instead uses stolen information for indirect economic advantages. These attacks have been carried since at least as early as 2009, as per Microsoft.