
Backdoor.Athena

By GoldSparrow in Backdoors

Threat Scorecard

Threat Level: 60 % (Medium)
Infected Computers: 10
First Seen: July 3, 2015
Last Seen: February 4, 2020
OS(es) Affected: Windows

Backdoor.Athena is a backdoor Trojan that, according to documents published by WikiLeaks, was developed by the CIA together with a computer security company named Siege Technologies. The leaked documents describe Backdoor.Athena as a beacon loader: an implant that checks in with its operator for tasking, loads and unloads payloads in memory, and moves files to and from the infected computer, hiding its persistence behind a hijacked system DLL and other obfuscation techniques. Samples of Backdoor.Athena are produced with a builder kit driven from the command line. The builder emits DLL files in two versions, one that installs Backdoor.Athena on 32-bit and one that installs it on 64-bit versions of the Windows operating system.

How Threats Like Backdoor.Athena are Used

Threats like Backdoor.Athena are designed to give an attacker unauthorized, persistent access to a computer. They are called 'backdoor' Trojans because they let the attacker in much as an unguarded back door lets a thief into a building. Once installed, a backdoor such as Backdoor.Athena can install further threats on the computer or collect information from it, which makes such tools useful both in espionage and in criminal enterprises. A government invests in tools of this kind because they enable intelligence collection and cyber operations against other states and hostile groups.

Some Particularities of the Backdoor.Athena Trojan

Backdoor.Athena runs on all commonly used versions of Windows, from Windows XP and Windows Vista through Windows 7, the various versions of Windows 8, and Windows 10. Its operator can carry out various operations on the infected computer without triggering a warning from an anti-virus program, and the implant can be uninstalled and deleted remotely to prevent it from being isolated and studied by PC security researchers. Backdoor.Athena comes in two variants, Athena-Alpha and Athena-Bravo (the NATO phonetic-alphabet designations for the letters A and B), which differ in how they persist. Athena-Alpha hijacks iprtrmgr.dll, a DLL loaded by the Remote Access service (service name RemoteAccess); Athena-Bravo hijacks dnsext.dll, a DLL that the DNS Client service looks for when it starts. In both cases the implant's DLL is loaded into the service host process every time the service starts, so Backdoor.Athena is back in memory after every reboot. Because these services run with SYSTEM privileges, the implant inherits elevated access without needing a separate privilege escalation.
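The two hijack points above suggest a simple host check. The PowerShell below is an added example written for this page, not code from the leaked tool or its documentation: for each of the two services it reads the ServiceDll that the service host will load, looks for every copy of the hijackable DLL along the load path and checks its Authenticode signature, and finally reports whether the DLL is mapped into any running process and from where. The service short names RemoteAccess and Dnscache are standard Windows names; the assumed search order and the assumption that a legitimate copy is Microsoft-signed and lives in System32 should be confirmed against a known-good host.

```powershell
# Added example for this page: hunt for Athena-style hijacks of the two service DLLs
# named in the text. Not the tool's own code. Run in an elevated PowerShell so that
# the loaded-module check can inspect svchost.exe.

$targets = @(
    @{ Service = 'RemoteAccess'; Dll = 'iprtrmgr.dll' }   # Athena-Alpha
    @{ Service = 'Dnscache';     Dll = 'dnsext.dll' }     # Athena-Bravo
)

$sys32 = Join-Path $env:SystemRoot 'System32'
# Directories a service host would search for a DLL given by bare name (assumed order).
$searchDirs = @($sys32, $env:SystemRoot) + ($env:Path -split ';' | Where-Object { $_ }) | Select-Object -Unique

foreach ($t in $targets) {
    $svc   = Get-Service -Name $t.Service -ErrorAction SilentlyContinue
    $state = if ($svc) { $svc.Status } else { 'not installed' }
    Write-Host "== $($t.Service) [$state] / $($t.Dll)"

    # 1. The DLL the service host is told to load. Anything outside System32 is suspicious.
    $params     = "HKLM:\SYSTEM\CurrentControlSet\Services\$($t.Service)\Parameters"
    $serviceDll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($serviceDll) {
        $expanded = [Environment]::ExpandEnvironmentVariables($serviceDll)
        $note = if ($expanded -notlike "$sys32\*") { '  <-- ServiceDll outside System32' } else { '' }
        Write-Host "   ServiceDll: $expanded$note"
    } else {
        Write-Host "   ServiceDll: (not set)"
    }

    # 2. Every copy of the hijackable DLL on the search path, with its Authenticode status.
    $copies = 0
    foreach ($dir in $searchDirs) {
        $path = Join-Path $dir $t.Dll
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $copies++
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        $flags  = @()
        if ($sig.Status -ne 'Valid')           { $flags += 'signature not valid' }
        elseif ($signer -notmatch 'Microsoft') { $flags += 'not Microsoft-signed' }
        if ($dir -ne $sys32)                   { $flags += 'outside System32' }
        $suffix = if ($flags) { '  <-- ' + ($flags -join ', ') } else { '' }
        Write-Host "   $path  status=$($sig.Status)  signer=$signer$suffix"
    }
    if ($copies -eq 0) { Write-Host "   no copy of $($t.Dll) on the search path" }

    # 3. Is the DLL mapped into a running process right now, and from where?
    foreach ($proc in Get-Process) {
        try { $mods = $proc.Modules } catch { continue }   # access denied on protected processes
        foreach ($m in $mods) {
            if ($m.ModuleName -ieq $t.Dll) {
                Write-Host "   loaded in PID $($proc.Id) ($($proc.ProcessName)) from $($m.FileName)"
            }
        }
    }
}
```

Two caveats when reading the output. On older Windows versions many System32 files are catalog-signed rather than carrying an embedded signature, so a NotSigned result for the System32 copy is a prompt to compare its hash with a known-good host, not proof of tampering. And a copy of one of these DLLs that sits outside System32, or that is loaded into svchost.exe from an unexpected path, is the finding that matters most, because that is exactly how a planted DLL wins the load-order race against the legitimate one.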

How to Defend Your Machine against Backdoor.Athena Attacks

Due to the high-profile nature of Backdoor.Athena's creators and users, it is very unlikely that Backdoor.Athena is being used against individual computer users. Rather, Backdoor.Athena attacks are associated with espionage at the highest level, carried out by state-backed entities to reach sensitive information or to spy on possible rivals. Backdoor.Athena can evade many anti-virus programs, report on activity on the infected computer, install and run software on it, and give the attacker access to its video and audio recording devices. For example, an attacker could use Backdoor.Athena to switch on the affected computer's webcam and record the computer's surroundings and users. To reduce exposure to attacks of this kind, always install the latest security patches for the Windows operating system, and use a reliable, fully up-to-date security program so that it has a chance of intercepting these attacks. Because Backdoor.Athena persists through a hijacked service DLL, a hunt for it should also confirm that the DLLs loaded by the Remote Access and DNS Client services are the signed copies in the System32 directory and not a planted file elsewhere on the load path.
