The HDoor hacking tool is a threat that likely originates from China and has been around for quite a while. Despite its age, the HDoor tool is still in use today. One of the latest high-profile APTs (Advanced Persistent Threats) using the HDoor malware is the Cycldek hacking group. The Cycldek APT operates from China and tends to go after high-profile targets in the Southeast Asian region. The Cycldek hacking group uses a lighter version of HDoor instead of the original variant of the threat.
The version of the HDoor threat used by the Cycldek hacking group is designed to look for available ports. This piece of malware is also capable of transferring data between local network hosts that are offline.
The full-fledged variant of the HDoor malware has more features, including the ability to disable anti-malware applications that may be present on the host. It is also able to meddle with the OS's security policies, making the system more vulnerable. The original version of the HDoor threat can also carry out DDoS (Distributed Denial-of-Service) attacks, collect files, and execute remote commands on the infected host.
The HDoor threat is a tool used mainly by Chinese hacking groups, who do not seem to be bothered by its age. Modern anti-virus software suites should detect the presence of the HDoor threat and eliminate it from the host.