Carbon Backdoor Description
The Carbon Backdoor is a piece of malware developed privately by the Turla group. This threat actor is one of the best-known names in malware research, and its attacks have troubled companies and organizations across many industries. Carbon in particular is usually deployed as a secondary payload: the initial compromise typically comes through spear-phishing emails, often built around trending topics to lend the message credibility. In other cases Carbon was delivered through a so-called 'watering hole attack', in which a website the target is known to visit is compromised and then used to serve the malicious payload.
The primary purpose of the Carbon Backdoor appears to be data theft. Researchers note, however, that the Trojan's configuration file contains a rather peculiar entry named 'PLUGINS'. This most likely means that Carbon has a modular structure: its operators can load additional plugins to extend the malware's functionality beyond what ships in the base payload.
The Carbon Backdoor also has features designed to make its communications and activity harder to analyze. Before transmitting anything to its Command & Control (C2) server, it checks the list of running processes for names associated with network packet-capturing software. Only if no match is found does it proceed to send the collected data; otherwise the transmission is withheld, so a capture tool running on the infected host may never see the traffic an analyst is waiting for.
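The following is an added example, not Carbon's own code, that emulates the pre-transmission gate described above: the process list is compared against a set of packet-capture tool names and the beacon is only allowed when no match is found. The tool names in `CAPTURE_TOOLS` and the sample process lists are assumptions for illustration; the page does not say which names the malware actually checks.

```python
"""Emulation of an anti-capture gate of the kind the text describes.

Added example: this is not Carbon's code. The blocklist and the sample
process lists are constructed for illustration only.
"""
import os

# Assumed blocklist of packet-capture process names (lowercase, no extension).
# Real malware would carry its own list; these are common capture tools.
CAPTURE_TOOLS = frozenset({
    "wireshark", "dumpcap", "tshark", "tcpdump", "windump",
    "rawcap", "networkminer", "netmon", "messageanalyzer",
})


def normalize(name: str) -> str:
    """Reduce a process name or full path to a lowercase base name without
    a trailing .exe, so 'C:\\Tools\\Wireshark.EXE' and 'wireshark' compare equal."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return base[:-4] if base.endswith(".exe") else base


def capture_tools_present(process_names):
    """Return the sorted list of blocklisted tools found among process_names."""
    seen = {normalize(p) for p in process_names}
    return sorted(seen & CAPTURE_TOOLS)


def should_beacon(process_names) -> bool:
    """The gate as described: transmit only when no capture tool is running."""
    return not capture_tools_present(process_names)


def running_process_names():
    """Best-effort live process list from /proc on Linux; empty elsewhere.
    Used only for the stand-alone demo; the tests use constructed lists."""
    names = []
    if not os.path.isdir("/proc"):
        return names
    for pid in os.listdir("/proc"):
        if not pid.isdigit():
            continue
        try:
            with open(f"/proc/{pid}/comm", encoding="utf-8", errors="replace") as fh:
                names.append(fh.read().strip())
        except OSError:
            continue  # process exited or access denied
    return names


if __name__ == "__main__":
    # Constructed sample: an infected host where an analyst started Wireshark.
    sample = ["explorer.exe", "svchost.exe",
              "C:\\Program Files\\Wireshark\\Wireshark.exe"]
    print("sample host: found", capture_tools_present(sample),
          "-> beacon:", should_beacon(sample))
    live = running_process_names()
    print("this host: found", capture_tools_present(live),
          "-> beacon:", should_beacon(live))
```

The practical consequence for analysis is that a capture tool running on the infected machine under its usual name suppresses exactly the traffic you want to observe; capturing from outside the host (a SPAN port, a network TAP, or the sandbox's virtual switch) or running the tool under a different binary name sidesteps a check of this kind.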
The Carbon Backdoor has undergone several major updates, which is no surprise given Turla's usual practice: once a payload has been discovered and thoroughly analyzed, the group reworks and updates it. Advanced Persistent Threat (APT) actors keep raising their game, and their likely targets should take the precautions needed to keep their network defenses up to date.