News Security

FireEye releases advisory blog on CARBANAK malware

This post focuses on the operational details of its use over the past few years, including its configuration, the minor variations observed from sample to sample, and its evolution

CARBANAK is a full-featured backdoor with data-stealing capabilities and a plug-in architecture. Some of its capabilities include key logging, desktop video capture, VNC, HTTP form grabbing, file system management, file transfer, TCP tunneling, HTTP proxy, OS destruction, POS and Outlook data theft and reverse shell.

Much of the publicly released reporting surrounding the CARBANAK malware refers to a corresponding “Carbanak Group”, who appears to be behind the malicious activity associated with this data-stealing backdoor. FireEye iSIGHT Intelligence has tracked several separate overarching campaigns employing the CARBANAK tool and other associated backdoors, such as DRIFTPIN (aka Toshliph).

In all Mandiant investigations to date where the CARBANAK backdoor has been discovered, the activity has been attributed to the FIN7 threat group. FIN7 has been extremely active against the U.S. restaurant and hospitality industries since mid-2015.

Related posts

New Relic Named a Cloud Observability Leader by GigaOm

enterpriseitworld

Quantum Announces the Scalar i7 RAPTOR for Data Lakes

enterpriseitworld

HPE Leverages GenAI to Enhance AIOps Capabilities of HPE Aruba Networking Central Platform

enterpriseitworld