Backdoor Diplomacy: From Quarian to Turian

BackdoorDiplomacy shares commonalities with several other Asian groups. Most obvious among them is the connection between the Turian backdoor and the Quarian backdoor. Specific observations regarding the Turian-Quarian connection are recorded below in the Turian section. We believe this group is also linked with a group Kaspersky referred to as “CloudComputating” that was also analyzed by Sophos.

An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunication companies in Africa and the Middle East since at least 2017. For initial infection vectors, the group favors exploiting vulnerable internet-exposed devices such as web servers and management interfaces for networking equipment. Once on a system, its operators make use of open-source tools for scanning the environment and lateral movement. Interactive access is achieved in two ways: (1) via a custom backdoor we are calling Turian that is derived from the Quarian backdoor; and (2) in fewer instances, when more direct and interactive access is required, certain open-source remote access tools are deployed. In several instances, the group has been observed targeting removable media for data collection and exfiltration. Finally, both Windows and Linux operating systems have been targeted.

Several victims were compromised via mechanisms that closely matched the Rehashed Rat campaign documented by Fortinet in 2017 and the MirageFox-APT15 campaign documented by Intezer in 2018. The BackdoorDiplomacy operators made use of the same specific form of DLL search-order hijacking seen in those campaigns.

Finally, the network encryption method BackdoorDiplomacy uses is quite similar to a backdoor Dr.Web calls Backdoor.Whitebird.1. Whitebird was used to target government institutions in Kazakhstan and Kyrgyzstan (both neighbors of a BackdoorDiplomacy victim in Uzbekistan) within the same 2017-to-present timeframe in which BackdoorDiplomacy has been active.
