Backdoor.Hartip is a never-before-seen strain of backdoor malware. The threat was first observed by infosec researchers as part of a long-running attack campaign focused mainly on infecting Japanese companies and their subsidiaries around the world. The campaign's sheer scale and the sophistication displayed in the attack chain point to the culprits being an Advanced Persistent Threat (APT) group. Combined with several other circumstantial links, this led the researchers to attribute the attack to the Cicada group.
According to the US government, the operations carried out by Cicada are sponsored by China. The same group is also tracked under the names APT10, Stone Panda, and Cloud Hopper. In the past, it has carried out several attacks against Japanese entities. The current operation spans a wide range of industry sectors, including automotive, pharmaceutical, and engineering. Historically, Cicada has conducted corporate espionage and data-theft operations, and this latest campaign is no different.
However, the hackers have also unleashed a couple of new threatening tricks alongside their usual methods and tools. First, they have begun to exploit a serious Netlogon vulnerability dubbed ZeroLogon. This flaw was assigned the identifier CVE-2020-1472 and a severity rating of 10. Although Microsoft patched it back in August, the number of organizations that may have delayed updating their systems remains significant.