A group of advanced hackers named Platinum uses Intel technology to communicate invisibly with infected systems and networks.
The attack does not require an enabled network card.
Last year, the hacker group was already in the news for its use of “hotpatching”, an attack that injects code into processes without having to restart them. It was the first time that this technique was seen.
According to Microsoft, the group now has a new technique: using Intel Active Management Technology (AMT) Serial-over-LAN (SOL) as a communication channel. This channel works independently of the operating system, which means that all communication over it is invisible to firewalls and monitoring tools on the host.
Active Management Technology (AMT) allows remote management of systems and is part of Intel vPro processors and chipsets.
It runs on the Intel Management Engine (ME), which runs its own operating system on an embedded processor in the chipset.
Since this embedded processor is separate from the primary Intel processor, it can be active even if the main processor is disabled. This way, systems can also be managed remotely.