Kaspersky experts have revealed new developments in activities from Platinum - one of the most technologically advanced APT actors that has traditionally focused on the APAC region. During the analysis, a new backdoor called Titanium was identified.
The Titanium APT campaign involves a complex sequence of dropping, downloading and installing stages, with a Trojan-backdoor deployed at the final stage. Its main infection vectors include local intranet websites seeded with malicious code to start spreading, a malicious archive that can be downloaded via BITS Downloader, and others.
The backdoor can accept many different commands, including but not limited to:
- Read any file from the file system and send it to the C&C
- Drop or delete a file in the file system
- Drop a file and run it
- Run a command line and send execution results to the C&C
- Update configuration parameters (except the AES encryption key)
The malware hides at every stage by mimicking common programs, such as popular DVD and anti-malware software. The major targets of the Titanium campaign were located in South and Southeast Asia, known to be around half a dozen army and government institutions.
"Our findings once again indicate that while threat actors, just as Kaspersky predicted last year, went into deep waters, a lot of interesting developments are going on there with new attacks, campaigns, and malware modifications," said Vladimir Kononovich, a security expert at Kaspersky. "These are yet to be found. The backdoor we found is of particular interest due to its capability to introduce an interactive mode that allows attackers to use a remote command line mode which sends a launched program's output to the C&C and receives any required input from it dynamically."
For more information on Titanium, please visit Securelist.