Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/18/2017
11:10 AM
50%
50%

'Hacker Door' Backdoor Resurfaces as RAT a Decade Later

Sophisticated backdoor re-emerges as a RAT more than a decade after its 2004 public release, with updated advanced malicious functionality.

A sophisticated remote access Trojan (RAT) dubbed Hacker Door by researchers has appeared in active attacks and sharing many similarities to a backdoor of the same name that was released in 2004 and last updated in 2005. The new Hacker Door has updated and advanced functionality, report researchers at Cylance.

Hacker Door contains a backdoor and rootkit components. It engages in a set of typical remote commands once active, Cylance researchers say, including grabbing screenshots and files, running other processes and commands, opening Telnet and RDP servers, and stealing Windows credentials during current sessions.

Some of its functionality includes using a signed stolen certificate to evade detection by security software designed to search for unsigned code, notes a ZDNet report. Cylance researchers note Hacker Door is largely undocumented malware and has seldom been seen in the wild.

Hacker Door appears to be used by Winnti, a Chinese advanced persistent threat group, notes Cylance. And Winnti appears to be targeting the aerospace industry, the researchers discovered.

Read more about Hacker Door here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
10/20/2017 | 7:26:09 AM
Malware Signatures
This is a perfect example why only protecting against signatures is not enough and why heuristics is pivotal. By changing a few strings of code the malware variant obtains a different hash rendering the signature ineffective. This allows for older strains to make a comeback with minimal effort.
LacyLoving
50%
50%
LacyLoving,
User Rank: Apprentice
10/19/2017 | 2:07:32 AM
nice
nice
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Cognitive Bias Can Hamper Security Decisions
Kelly Sheridan, Staff Editor, Dark Reading,  6/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12855
PUBLISHED: 2019-06-16
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
CVE-2013-7472
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12839
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12840
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12835
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.