Graphon Backdoor, Harvester APT's Primary Implant

The Graphon Backdoor is a malicious implant whose development and usage are attributed to the Harvester Advanced Persistent Threat (APT) actor. As the name of this cybercrime group hints, their focus is on harvesting data from the infiltrated networks of their victims. Although stealing information appears to be their primary motivation, the Graphon Backdoor is also able to execute other tasks on the systems it compromises. Typically, the Graphon Backdoor is aided by multiple custom and public tools that the Harvester APT hackers use:

  • A custom screenshot tool that can grab pictures of the desktop and specific windows.
  • The cracked Cobalt Strike Beacon that can run remote commands and more.
  • Metasploit, a custom exploit framework.

The latest Graphon Backdoor campaign is still active, and cybersecurity researchers are still gathering intelligence about it. So far, it seems that the attack focuses on victims in South Asia and, in particular, the Afghanistan region. The victims of the Graphon Backdoor attacks are typically institutions and entities operating in the government, IT, and telecommunications sectors. No data is available yet on the infection vector that the criminals rely on. However, it is very likely that they are relying on traditional methods such as exploiting weaknesses in outdated software or spear phishing emails.

Graphon Backdoor Leverages Legitimate Hosting Services

The Graphon Backdoor has its command-and-control servers hosted on the Microsoft Azure service. While this might seem strange, it is an easy way to mix the malicious traffic with the legitimate one and prevent it from standing out too much. This implant is able to execute remote commands, as well as to operate the custom tools that the criminals introduce as second-stage payloads. So far, no other versions of the Graphon Backdoor have been identified. Entities and companies that are likely to become the target of these attacks should protect their systems by using reputable security software and applying the latest security patches.
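Because the command-and-control servers sit on a reputable cloud provider, domain or IP reputation alone will not separate the implant's check-ins from ordinary Azure traffic. What a defender can still look for is the timing fingerprint of an implant polling its server at a fixed interval. The following is an added example written for this page, not code from the original post and not anything belonging to the Harvester actor or the Graphon Backdoor; the proxy-log format, client addresses, hostnames and thresholds are all constructed for illustration.

```python
"""Beacon-regularity hunt over proxy logs.

Added example, not part of the original post and not Harvester/Graphon
tooling. Rationale: when C2 hides on a reputable cloud host, reputation
gives no signal, so this looks for suspiciously regular request spacing
between one client and one destination instead. The log format, hosts and
thresholds below are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines: "<ISO timestamp> <client> <destination host> <bytes sent>"
# 10.0.0.7 polls one host every ~5 minutes; 10.0.0.5 browses a CDN irregularly;
# 10.0.0.9 makes too few requests to judge.
SAMPLE_LOG = """\
2021-10-19T09:00:00 10.0.0.5 cdn.example-content.test 1400
2021-10-19T09:00:00 10.0.0.7 tenant-a.storage.example.test 512
2021-10-19T09:00:17 10.0.0.5 cdn.example-content.test 2200
2021-10-19T09:01:00 10.0.0.9 updates.example-vendor.test 900
2021-10-19T09:02:17 10.0.0.5 cdn.example-content.test 800
2021-10-19T09:02:20 10.0.0.5 cdn.example-content.test 650
2021-10-19T09:05:00 10.0.0.7 tenant-a.storage.example.test 512
2021-10-19T09:06:00 10.0.0.9 updates.example-vendor.test 910
2021-10-19T09:10:01 10.0.0.7 tenant-a.storage.example.test 512
2021-10-19T09:12:20 10.0.0.5 cdn.example-content.test 3000
2021-10-19T09:13:05 10.0.0.5 cdn.example-content.test 120
2021-10-19T09:13:06 10.0.0.5 cdn.example-content.test 140
2021-10-19T09:14:59 10.0.0.7 tenant-a.storage.example.test 512
2021-10-19T09:20:00 10.0.0.5 cdn.example-content.test 700
2021-10-19T09:20:00 10.0.0.7 tenant-a.storage.example.test 512
2021-10-19T09:25:01 10.0.0.7 tenant-a.storage.example.test 512
2021-10-19T09:30:00 10.0.0.7 tenant-a.storage.example.test 512
2021-10-19T09:34:59 10.0.0.7 tenant-a.storage.example.test 512
"""


def parse_log(text):
    """Parse the constructed log lines into (timestamp, client, host, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, sent = line.split()
        events.append((datetime.fromisoformat(ts), client, host, int(sent)))
    return events


def intervals_by_pair(events):
    """Group requests by (client, host) and return the gaps in seconds between them."""
    by_pair = defaultdict(list)
    for ts, client, host, _ in events:
        by_pair[(client, host)].append(ts)
    gaps = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        gaps[pair] = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    return gaps


def find_beacons(events, min_requests=6, max_cv=0.1):
    """Flag client/host pairs whose request spacing is suspiciously regular.

    Regularity is the coefficient of variation (stdev / mean) of the gaps
    between successive requests: a low value over enough requests is the
    classic fingerprint of an implant polling a fixed check-in interval.
    The thresholds are illustrative and need tuning per environment.
    """
    hits = []
    for (client, host), gaps in intervals_by_pair(events).items():
        if len(gaps) + 1 < min_requests:
            continue  # too few observations to call regular or not
        avg = mean(gaps)
        if avg <= 0:
            continue  # all requests at the same instant; not a polling pattern
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits.append({"client": client, "host": host,
                         "requests": len(gaps) + 1,
                         "mean_interval_s": round(avg, 1),
                         "cv": round(cv, 4)})
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['client']} -> {hit['host']}: {hit['requests']} requests, "
              f"every ~{hit['mean_interval_s']}s (cv={hit['cv']})")
```

On the constructed sample only the 10.0.0.7 pair is reported; the CDN browsing has wildly varying gaps and the two-request pair is skipped as unjudgeable. In practice the same logic is run per day over proxy or DNS logs, and the reported pairs are then triaged against asset inventory, since legitimate agents (update checkers, monitoring) poll on fixed intervals too.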

October 19, 2021