Researchers from security firm Mandiant revealed the existence of a backdoor Trojan they called Hikit, reports Danielle Walker for SC Magazine.
According to Mandiant’s findings, Hikit was discovered only last year, but it has already infiltrated the networks of a number of defense contractors as part of a larger scheme.
Ryan Kazanciyan, a principal consultant at Mandiant, told SC Magazine on Monday that Hikit is a type of persistent-threat malware designed to take classified data for industrial espionage.
Hikit cannot perform a system breach on its own but exploits server weak points to allow and maintain access to its target’s database.
Hikit can run commands on its target servers, transfer files, retrieve data, and redirect server traffic.
Researchers at Symantec published a blog post about Hikit last Friday, which explained that, in order to evade detection, the malware does not communicate with a command-and-control server when installed.
The kernel driver regulates network traffic until it can track the precise pattern which unlocks the backdoor communication channel.
Hikit can also hamper the operational capacity of its target server since it does not communicate with its creator, according to the Symantec post.
Kazanciyan says Hikit can remain undetected for many years because of the vastness and complexity of its targets’ networks and its ability to rely on stolen identities to gain access.
He noted that some of its victims became aware of its existence in their networks only after notification from law enforcement agencies.
Kazanciyan suggests that target organizations must first identify the source of the malware, since it is highly probable that personnel with unrestricted access could have introduced it into their network.
He also recommends quarantining internet-facing systems so that malware cannot access other parts of the network.