BackdoorDiplomacy compromises organizations’ networks by exploiting vulnerabilities in web servers and in the administration interfaces of network equipment.
ESET has discovered a new cyber espionage hacker group that has been targeting foreign ministries in Africa, Asia, Europe and the Middle East for the past four years.
In addition to diplomatic organizations, the list of victims of the APT group, dubbed BackdoorDiplomacy, includes telecommunications companies in Africa and at least one charity in the Middle East.
The group typically compromises corporate networks by exploiting vulnerabilities in web servers and in the administrative interfaces of network equipment (F5 BIG-IP devices, Microsoft Exchange mail servers, Plesk control panels).
After gaining access to the target system, the attackers install open-source scanning tools to map the network and then deploy their own malware, which the researchers dubbed Turian. The malware exists in Windows and Linux versions and acts as a backdoor, allowing the attackers to interact with the system and steal data.
In some cases, the group installed malware that infects removable media, such as USB drives, in order to reach physically isolated (air-gapped) networks.
Experts have not attributed BackdoorDiplomacy to any country, but several facts suggest that the group may be associated with China. This is indicated, in particular, by the use of compromise techniques previously seen in attacks by groups associated with the PRC, as well as by the fact that the Turian backdoor is based on Quarian, malware previously used in attacks by Chinese hackers.