Published in PC Hardware

Microsoft finds bug in Intel ME

on 09 June 2017

There is even malware exploiting it

Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool.

Intel's AMT SOL is part of Intel's ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off. This makes it a rather good place for malware to hit.

Inside Intel's ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. Because this virtual network interface runs inside ME, firewalls and security products installed on the main OS won't detect malware using AMT SOL to exfiltrate data.

Apparently the code was not penned by script kiddies. It has all the fingerprints of a nation-state cyber-espionage unit codenamed PLATINUM. The group has been active since 2009, and has targeted countries around the South China Sea.

PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year Microsoft said the group was installing malware by abusing hotpatching — a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer.

Last modified on 09 June 2017