Between July and late December 2022, BackdoorDiplomacy has been associated with a new wave of attacks targeting Iranian government entities.

At least since 2010, the Chinese APT group has conducted cyberespionage campaigns against government and diplomatic entities across North America, South America, Africa, and the Middle East. Security vendors also track it under the names APT15, KeChang, NICKEL, and Vixen Panda.

According to The Hacker News, ESET, a Slovakian cybersecurity firm, revealed in June 2021 how hackers used a custom implant called Turian to attack diplomatic entities and telecommunications companies in Africa and the Middle East.

Back in December 2021, 42 domains that the group had used in attacks against 29 countries were seized by Microsoft. Earlier that year, the U.S., E.U. and NATO had officially blamed China for the widespread Microsoft Exchange Server attack campaign.

In addition to added obfuscation, the new versions of the Turian backdoor use a new decryption algorithm to extract their C2 server addresses. Although the malware is generic in nature, it offers the basic functions an operator needs: updating the C2 server it connects to, executing commands, and spawning reverse shells.

BackdoorDiplomacy’s interest in targeting Iran might have a geopolitical dimension, as it runs counter to the 25-year comprehensive cooperation agreement signed between China and Iran to foster economic, military, and security cooperation.

Palo Alto Networks Unit 42 tracks the activity under its constellation-themed name Playful Taurus. The researchers reported observing Iranian government domains attempting to connect to malware infrastructure previously associated with the adversary.

Playful Taurus continues to evolve its tactics and tooling. The recent upgrades to the Turian backdoor and the new C2 infrastructure suggest that the actors continue to see success in their cyberespionage campaigns.
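The observation above, that victim networks were caught attempting to reach infrastructure already attributed to the group, is the kind of finding a defender can reproduce from their own egress logs. The script below is an added example, not code from the original article or from Unit 42: it matches outbound connection records against a list of known C2 indicators. The log format, the indicator domains and the 203.0.113.0/24 network are all constructed for the example and are not real Turian or BackdoorDiplomacy indicators; a real run would load the vendor-published IOC list instead.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, Optional

# Constructed indicator set standing in for "malware infrastructure previously
# associated with the adversary". These are placeholders, NOT real Turian IOCs.
KNOWN_C2_DOMAINS = {"update-service.example", "cdn-sync.example"}
KNOWN_C2_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3, constructed

# Constructed egress log lines (key=value layout assumed for the example).
# Line 2 hits a subdomain of a C2 domain, line 3 hits the C2 network, and
# line 5 is a near-miss that a naive suffix check would wrongly flag.
SAMPLE_LOGS = """\
2022-12-19T10:01:02Z src=10.20.30.40 dst=mail.gov.example dport=443 action=ALLOW
2022-12-19T10:01:07Z src=10.20.30.41 dst=api.update-service.example dport=443 action=ALLOW
2022-12-19T10:01:09Z src=10.20.30.42 dst=203.0.113.77 dport=8080 action=ALLOW
2022-12-19T10:01:15Z src=10.20.30.43 dst=docs.example dport=443 action=ALLOW
2022-12-19T10:01:20Z src=10.20.30.41 dst=notupdate-service.example dport=443 action=ALLOW
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\S+)$"
)


def domain_matches(dst: str, iocs: Iterable[str]) -> Optional[str]:
    """Return the matching IOC if dst is the C2 domain or one of its subdomains.

    The '.' + ioc check prevents 'notupdate-service.example' from matching
    'update-service.example', which a bare endswith() would do.
    """
    d = dst.lower().rstrip(".")
    for ioc in iocs:
        if d == ioc or d.endswith("." + ioc):
            return ioc
    return None


def ip_matches(dst: str, nets: Iterable[ipaddress._BaseNetwork]) -> Optional[str]:
    """Return the matching network as a string if dst is an IP inside a C2 range."""
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:  # dst is a hostname, not an address
        return None
    for net in nets:
        if ip in net:
            return str(net)
    return None


def find_c2_contacts(
    log_text: str,
    domains: Iterable[str] = KNOWN_C2_DOMAINS,
    networks: Iterable[ipaddress._BaseNetwork] = KNOWN_C2_NETWORKS,
) -> List[Dict[str, str]]:
    """Parse egress log lines and return every record whose destination is a known C2."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or unrelated line
        dst = m["dst"]
        ioc = domain_matches(dst, domains) or ip_matches(dst, networks)
        if ioc:
            hits.append({"ts": m["ts"], "src": m["src"], "dst": dst, "ioc": ioc})
    return hits


if __name__ == "__main__":
    for hit in find_c2_contacts(SAMPLE_LOGS):
        print(f"{hit['ts']} {hit['src']} -> {hit['dst']} (matches {hit['ioc']})")
```

Two of the five constructed lines are flagged: the subdomain of a listed C2 domain and the address inside the listed network. The deliberate near-miss on the last line is not flagged, which is the check worth keeping when you swap in a real indicator list, since loose suffix matching against domains like the group's is a common source of false positives.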

