
New BackdoorDiplomacy Attacks Target Iranian Government Entities

BackdoorDiplomacy has been linked to a new wave of attacks on Iranian government organisations that happened between July and late December 2022.

Palo Alto Networks Unit 42, which tracks the activity under the name “Playful Taurus” (a reference to the constellation), said that it saw government domains attempting to connect to malware infrastructure that had already been attributed to the adversary.

The Chinese APT group, which is also tracked as APT15, KeChang, NICKEL, and Vixen Panda, has been running cyber espionage campaigns against government and diplomatic organisations in North America, South America, Africa, and the Middle East since at least 2010.


In June 2021, the Slovak cybersecurity company ESET documented how the hacking crew used a custom implant called Turian to break into diplomatic entities and telecommunications companies in Africa and the Middle East.

Then, in December 2021, Microsoft said that it had seized 42 domains that the group used to attack 29 countries. It also said that the group exploited unpatched, internet-facing web applications such as Microsoft Exchange and SharePoint to gain initial access.

Most recently, the threat actor was linked to an attack on an unnamed telecom company in the Middle East. The attack used Quarian, an older version of Turian that provides a remote point of access into targeted networks.

In a report shared with The Hacker News, Unit 42 said that Turian “remains under active development” and that “we assess that it is used only by Playful Taurus actors.” It also said that it had found new versions of the backdoor used in attacks on Iran.

The cybersecurity company also said that it saw four different Iranian organisations, including the Ministry of Foreign Affairs and the Natural Resources Organization, connect to a known command-and-control (C2) server linked to the group.

“The fact that these connections to infrastructure controlled by Playful Taurus happen every day suggests that these networks have probably been broken,” it said.
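The reasoning above (recurring connections to known adversary infrastructure point to compromise) can be turned into a simple detection. The following Python script is an added example, not code from Unit 42 or The Hacker News; the indicator list and proxy log lines are constructed placeholders, not real Playful Taurus indicators.

```python
"""Flag hosts that contact known adversary C2 infrastructure on several distinct days.

Added example, not from Unit 42 or The Hacker News. The indicator list and the
proxy log lines below are constructed placeholders, not real Playful Taurus IoCs.
"""
from collections import defaultdict
from datetime import datetime

# Constructed placeholder indicators; in practice, load a vetted threat-intel feed.
KNOWN_C2 = {"c2-placeholder.example", "203.0.113.10"}

# Constructed proxy log lines: timestamp, source host, destination.
SAMPLE_LOG = """\
2022-12-01T08:12:03Z host-mfa-01 c2-placeholder.example
2022-12-01T09:30:11Z host-mfa-01 updates.example.org
2022-12-02T08:14:47Z host-mfa-01 c2-placeholder.example
2022-12-03T08:11:58Z host-mfa-01 203.0.113.10
2022-12-01T10:00:00Z host-nro-07 c2-placeholder.example
2022-12-05T11:45:20Z host-nro-07 cdn.example.net
"""

def parse_line(line):
    """Split one log line into (datetime, source host, destination)."""
    ts, host, dest = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, dest

def c2_contact_days(log_text, indicators):
    """Return {host: sorted list of dates} for hosts that reached any indicator."""
    days = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, dest = parse_line(line)
        if dest in indicators:
            days[host].add(ts.date())
    return {h: sorted(d) for h, d in days.items()}

def likely_compromised(log_text, indicators, min_days=2):
    """Hosts that contact C2 on at least min_days distinct days. Recurring,
    day-after-day contact is stronger evidence than a single hit, which may
    be a scanner, a sandbox detonation or a stale indicator."""
    return sorted(h for h, d in c2_contact_days(log_text, indicators).items()
                  if len(d) >= min_days)

if __name__ == "__main__":
    for host, dates in c2_contact_days(SAMPLE_LOG, KNOWN_C2).items():
        print(host, [d.isoformat() for d in dates])
    print("likely compromised:", likely_compromised(SAMPLE_LOG, KNOWN_C2))
```

With the constructed data, host-mfa-01 is flagged because it reaches indicator destinations on three different days, while host-nro-07's single hit stays below the threshold.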

The new versions of the Turian backdoor make the C2 servers easier to find and use a new decryption algorithm. Otherwise the malware is generic: it only supports basic features such as updating the C2 server it connects to, running commands, and spawning reverse shells.

BackdoorDiplomacy’s interest in targeting Iran is said to have geopolitical implications, because it coincides with China and Iran signing a 25-year agreement to cooperate on economic, military, and security issues.

Researchers from Unit 42 said that Playful Taurus continues to evolve its tactics and tooling. “Recent improvements to the Turian backdoor and a new C2 infrastructure suggest that these actors are still having success with their cyber espionage campaigns.”

Info source – The Hacker News
