
Backdoor.Hartip

Posted: November 20, 2020

Backdoor.Hartip is a Trojan that is currently involved in only one identified attack campaign. Backdoor.Hartip is used as a second-stage payload, and it is currently part of the arsenal of the APT10 group, an Advanced Persistent Threat (APT) actor. The group's recently identified campaign targets Japanese companies operating in several sectors, including the automotive and pharmaceutical industries. The group made the news recently because it managed to take advantage of the recently discovered ZeroLogon Windows vulnerability. This is the first time that a threat actor has been identified using this vulnerability successfully, and, unfortunately, hundreds of thousands of unpatched computers are in danger because of this attack.

Apart from using the new Backdoor.Hartip, the criminals also rely on the QuasarRAT Trojan to gain control over the compromised systems. The Hartip implant is still undergoing analysis, but it is believed that the malware has typical backdoor capabilities such as:

  • Deploying and running additional binaries.
  • Collecting specific files and uploading them to the control server.
  • Executing remote commands.
  • Running PowerShell scripts.

It is safe to assume that Backdoor.Hartip also possesses the ability to evade malware detection tools and virtual environments – a common feature in high-quality malware whose authors want to keep it away from experts for as long as possible. Unfortunately, the newly discovered Backdoor.Hartip and the ZeroLogon vulnerability are likely to become even more serious problems in the upcoming months. Companies and organizations can strengthen their network security by investing in reputable anti-virus and firewall services.
