For African and Middle Eastern officials, this new hacking gang has a terrible surprise in store

If web servers or network management interfaces are found to have weak points, such as software vulnerabilities or poor file-upload security, the APT will strike. In one case observed by ESET, an F5 bug — CVE-2020-5902 — was used to deploy a Linux backdoor, whereas in another, BackdoorDiplomacy exploited Microsoft Exchange Server bugs to deploy China Chopper, a webshell.

Revealed on Thursday by ESET researchers, the state-sponsored group, dubbed BackdoorDiplomacy, has been linked to successful attacks against Ministries of Foreign Affairs in numerous African countries, the Middle East, Europe, and Asia — alongside a smaller subset of telecommunications firms in Africa and at least one charity outfit in the Middle East. BackdoorDiplomacy is thought to have been in operation since at least 2017. The cross-platform group targets both Linux and Windows systems and seems to prefer to exploit internet-facing, vulnerable devices as an initial attack vector.

Once they have obtained entry, the threat actors scan the device for lateral-movement opportunities, install a custom backdoor, and deploy a range of tools to conduct surveillance and data theft. The backdoor, dubbed Turian, is thought to be based on the Quarian backdoor — malware linked to attacks against diplomatic targets in Syria and the US back in 2013.

The main implant is capable of harvesting and exfiltrating system data, taking screenshots, and overwriting, moving, deleting, or stealing files. Among the tools used are the network tunnelling software EarthWorm, Mimikatz, NetCat, and software developed by the US National Security Agency (NSA) and dumped by the ShadowBrokers, such as EternalBlue, DoublePulsar, and EternalRocks.

VMProtect was used in most cases to try to obfuscate the group's activities. Diplomats may have to deal with sensitive information handed over on removable drives and storage. To widen the scope of its cyberespionage activities, BackdoorDiplomacy scans for flash drives and attempts to copy all files from them into a password-protected archive, which is then whisked off to a command-and-control (C2) server via the backdoor. While BackdoorDiplomacy has been registered as an APT in its own right, there do appear to be other links, or at least common threads, with other threat groups.
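The two initial-access routes the article describes, exploitation of the F5 TMUI bug (CVE-2020-5902) and a China Chopper webshell dropped on an Exchange server, both leave traces in ordinary web-server access logs. The following is an added example of a defender-side log scanner for those traces; it is not ESET's tooling and not part of the original article. It assumes NCSA-style access-log lines, uses the publicly documented `/tmui/login.jsp/..;/` traversal string as the CVE-2020-5902 indicator, and treats a POST to a server-side script that is not on an operator-maintained allow-list as a webshell candidate. All log lines, IPs and endpoint names are constructed for the demonstration.

```python
"""Scan web-server access logs for two initial-access patterns described in the
article: CVE-2020-5902 (F5 TMUI) exploitation and China Chopper-style webshell use.
Added example, not ESET's tooling. All sample data below is constructed."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# NCSA common log format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Publicly documented indicator for CVE-2020-5902: the Tomcat path-parameter
# traversal "..;/" appended to the unauthenticated TMUI login page.
TMUI_TRAVERSAL_RE = re.compile(r"/tmui/login\.jsp/\.\.;/", re.IGNORECASE)

# Script types a China Chopper-style one-line webshell is typically written in.
SCRIPT_EXT_RE = re.compile(r"\.(aspx?|jsp|php)$", re.IGNORECASE)

# Constructed allow-list: script endpoints that legitimately receive POSTs.
KNOWN_POST_ENDPOINTS: Set[str] = {"/owa/auth.owa"}

# Constructed sample log (not real traffic, IPs from documentation ranges).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jun/2021:08:01:12 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5123
203.0.113.10 - - [10/Jun/2021:08:01:15 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=<redacted> HTTP/1.1" 200 1893
198.51.100.7 - - [10/Jun/2021:08:02:01 +0000] "GET /owa/auth/logon.aspx HTTP/1.1" 200 30412
198.51.100.7 - - [10/Jun/2021:08:02:20 +0000] "POST /owa/auth.owa HTTP/1.1" 302 0
198.51.100.7 - - [10/Jun/2021:08:02:44 +0000] "POST /owa/auth/help.aspx HTTP/1.1" 200 77
198.51.100.7 - - [10/Jun/2021:08:02:59 +0000] "POST /owa/auth/help.aspx HTTP/1.1" 200 1204
192.0.2.55 - - [10/Jun/2021:08:03:10 +0000] "GET /index.html HTTP/1.1" 200 2048
this line is not a valid access-log record
"""


@dataclass
class Alert:
    rule: str
    ip: str
    ts: str
    path: str


def parse(line: str) -> Optional[dict]:
    """Return the named fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def scan_log(lines: Iterable[str], known_post_endpoints: Set[str]) -> List[Alert]:
    """Emit one Alert per matching line; malformed lines are skipped, not fatal."""
    alerts: List[Alert] = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        full_path = rec["path"]
        path = full_path.split("?", 1)[0]  # drop the query string for path checks
        # Rule 1: CVE-2020-5902 traversal string anywhere in the request path.
        if TMUI_TRAVERSAL_RE.search(full_path):
            alerts.append(Alert("cve-2020-5902-tmui-traversal", rec["ip"], rec["ts"], full_path))
        # Rule 2: China Chopper's server side is a tiny script that takes commands by
        # POST, so a POST to a script file outside the allow-list deserves a look.
        if (rec["method"] == "POST" and SCRIPT_EXT_RE.search(path)
                and path.lower() not in known_post_endpoints):
            alerts.append(Alert("post-to-unknown-script", rec["ip"], rec["ts"], path))
    return alerts


def run_demo() -> List[Alert]:
    """Scan the constructed sample log with the constructed allow-list."""
    return scan_log(SAMPLE_LOG.splitlines(), KNOWN_POST_ENDPOINTS)


if __name__ == "__main__":
    for alert in run_demo():
        print(f"{alert.rule:30} {alert.ip:15} {alert.ts}  {alert.path}")
```

The allow-list matters in practice: on an Exchange front end, legitimate POSTs to `.aspx` pages are common, so the second rule is only useful once the baseline of expected script endpoints has been recorded from a known-clean period. The first rule, by contrast, has essentially no benign cause and can be alerted on directly.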
