Ghostnet Toolset—Back Door at the Click of a Button
Earlier this week, researchers from the University of Toronto published a paper about a botnet called Ghostnet that had infiltrated a large number of computers located in various government agencies around the world. While smelling of espionage—the circumstantial evidence shows particular organizations were targeted—no solid evidence has linked the attack it to any one government organization.
However, there do appear to be a few hacker organizations actively involved in the development and dissemination of the toolset used to create the back door used in Ghostnet. This threat, named Backdoor.Ghostnet, can easily be created by just about anyone who can work their way around the toolset—and the toolset is built to be very easy to use. Just fill out a few fields, click a few buttons, and you have your back door executable at the ready. Once a hacker has succeeded in running the threat on a computer, the toolset is there with a simple-to-use GUI.
But don’t just take my word for it. We set up two systems in our lab and ran the tool, controlling the compromised computer at the click of a button. We’ve put together the following video to demonstrate:
While we may not have a smoking gun showing this botnet as the work of any government organization, it is very clear that the groups behind the tools are organized and making it very easy for individuals to participate in these attacks.
Special thanks to Andrea Lelli for his help setting up and recording the video of this threat.