BACKBEND

By GoldSparrow in Malware

BACKBEND is a threatening Trojan downloader. The BACKBEND Trojan has been associated with APT30, a group of Chinese hackers linked to various sophisticated malware attacks. APT stands for Advanced Persistent Threat and is generally used to refer to the criminal groups that carry out such digital attacks. APT30 has gradually attracted attention from PC security researchers because of the various malware components the group has developed to carry out its attacks; the BACKBEND Trojan downloader is just one of many components it has built for attacks on high-profile victims. PC security researchers are almost certain that the Chinese government supports or is even responsible for APT30, although the Chinese government has repeatedly denied this and insisted that APT30 attacks are just part of a global malware problem. However, numerous aspects of APT30 attacks, including the targets and the code of threats like BACKBEND, point to a very real connection to the Chinese government or other state-sponsored components in these attacks.

Attacks Associated With BACKBEND

One notable aspect of APT30 and BACKBEND attacks is that these campaigns have managed to infiltrate what are known as 'air-gapped systems': devices that are not connected to the Internet and are therefore considered completely out of reach of attackers. APT30 has nevertheless attacked these devices by using social engineering techniques and malware campaigns aimed at individuals who have access to air-gapped systems. APT30 delivers malware to the home computers of these individuals with the intent of then reaching the targeted device through the compromised individual. BACKBEND is a Trojan downloader designed to be delivered via external memory devices such as external hard drives, USB sticks and similar media. When the target of the BACKBEND attack uses one of these memory devices on the air-gapped system, BACKBEND is activated on that device. BACKBEND is designed to download other malware onto the victim's computer and to extract data from the infected device that can be used to determine the best way to carry out the targeted attack. BACKBEND is just one of several original malware components that APT30 has developed for these purposes.
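The removable-media vector described above is the one a defender of an isolated host can actually inspect. The following is an added example, not code from the original article and not based on any documented BACKBEND indicator: a small audit of a mount point that flags the artefacts USB-borne downloaders commonly rely on (an autorun.inf launch entry, an executable disguised with a document extension, bare executables or shortcuts). The suffix lists and the sample files it builds are assumptions constructed for the demonstration.

```python
# Added example, not code from the original article: audit a removable-media
# mount point before it is used on an isolated host. The checks (autorun.inf
# launch entry, executable disguised as a document, bare executable/shortcut)
# are generic USB-borne-downloader patterns, not documented BACKBEND indicators.
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".dll", ".lnk"}
DOC_SUFFIXES = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".jpg", ".txt"}


def parse_autorun(path):
    """Return the launch targets named by open=/shellexecute= in an autorun.inf."""
    targets = []
    for line in Path(path).read_text(errors="replace").splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip().lower() in ("open", "shellexecute") and value.strip():
            targets.append(value.strip())
    return targets


def scan_removable_media(root):
    """Walk the mount point; return a list of (finding, relative path) tuples."""
    root = Path(root)
    findings = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        suffixes = [s.lower() for s in p.suffixes]
        if p.name.lower() == "autorun.inf":
            for target in parse_autorun(p):
                findings.append(("autorun launches " + target, rel))
        elif len(suffixes) >= 2 and suffixes[-1] in EXEC_SUFFIXES and suffixes[-2] in DOC_SUFFIXES:
            findings.append(("executable disguised as document", rel))
        elif suffixes and suffixes[-1] in EXEC_SUFFIXES:
            findings.append(("executable or shortcut on removable media", rel))
    return findings


def build_sample_media():
    """Constructed stand-in for a USB stick: one clean file, three suspicious ones."""
    root = Path(tempfile.mkdtemp(prefix="usb_audit_"))
    (root / "notes.txt").write_text("meeting agenda")
    (root / "autorun.inf").write_text("[autorun]\r\nopen=setup.exe\r\nicon=setup.exe\r\n")
    (root / "setup.exe").write_bytes(b"MZ")  # placeholder bytes, not a real binary
    (root / "report.pdf.exe").write_bytes(b"MZ")
    return root


if __name__ == "__main__":
    for finding, rel in scan_removable_media(build_sample_media()):
        print(f"{finding}: {rel}")
```

Point `scan_removable_media` at a real mount point (e.g. `/media/usb` or `E:\`) to audit a device; findings are a prompt for inspection, not proof of compromise.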

APT30 Attacks Involving Components Like BACKBEND

Individual computer users without a connection to critical data infrastructure can mostly consider themselves safe from BACKBEND and APT30 campaigns, because the criminals responsible for these attacks mainly target networks that are not connected to the Internet and that are considered among the most secure systems on the planet. Such networks are isolated from the Internet and from any other external network, and are generally associated with government facilities, the military, industry, and critical infrastructure such as power plants or dams. This means that reaching these devices requires physical access, which is quite difficult to gain, especially for the most critical and highly guarded devices. APT30 has reportedly been carrying out operations since 2005. Attacks associated with APT30 appear to be used mainly for espionage, collecting information on regional politics, territorial disputes, military and economic issues and the media. Apart from BACKBEND, other hacking tools and malware developed by APT30 include MILKMAID, the ORANGEADE droppers, the CREAMSICLE downloader, the GEMCUTTER downloaders and many others developed over the last decade to carry out these attacks. The following countries are generally the primary targets of attacks associated with APT30:

India
Malaysia
Vietnam
Thailand
South Korea
Nepal
Bhutan
Philippines
Singapore
Saudi Arabia
Indonesia
Japan
Brunei
Myanmar
Laos
Cambodia

To date, the Chinese government denies its involvement with APT30 or with the malware campaigns involving BACKBEND that target these countries.
