APT30 Gets Busy with Backspace

June 12, 2015 | Garrett Gross


One of the biggest threats facing networks today is ‘professional’ hackers, often referred to as ‘Advanced Persistent Threats’ or APTs. These criminals differ from common attackers in the sophistication of their techniques, the fact that they are usually acting at the behest of a government or corporate entity, and the resources they have available to launch large-scale and long-lasting attack campaigns.

Recently, FireEye released a great report on one of the more active groups, now known as APT30. This group not only uses spear phishing and social engineering tactics to lure victims in but also delivers several variations of custom malware to carry out the attacks. One known piece of malware is ‘Backspace’, a professionally developed and maintained application that allows for remote administration and data exfiltration.

A related APT group (some suspect they might be working together, or even be one and the same) is Naikon. Their custom malware (eponymously named ‘Naikon’) is very similar in function to Backspace, with RAT and C&C capabilities built in.

Impact on you:

  • Once a remote control type toolkit is installed, an attacker essentially has complete control of the machine
  • Attackers can steal information from infected machines and use their access to pivot around the network
  • These malware variants, used in conjunction with other techniques, have been known to steal data from air-gapped (isolated from any outside network) servers

How AlienVault USM Helps:

AlienVault Unified Security Management (USM) continuously scans your assets for vulnerabilities, alerting you to those that could leave you susceptible to attacks and, in most cases, provides expert remediation advice.
AlienVault Labs has already released several IDS signatures and the following correlation rules to USM so that customers can identify the presence of these pieces of malware:

  • System Compromise, Targeted Malware, Backspace
  • System Compromise, Targeted Malware, Naikon

Read more about these and other USM threat intelligence updates in our forum.

Garrett Gross

About the Author: Garrett Gross
Garrett Gross has always had an insatiable appetite for technology and information security, as well as an underlying curiosity about how it all works. Garrett has over 15 years of professional experience in information technology, filling several roles: systems administration, network engineering, product marketing, technical support, and helpdesk. In his current role in field enablement, he uses his experience to help managed security service providers be successful in evangelizing and operationalizing AlienVault USM.

