BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign

Bitdefender researchers have uncovered a new cyber-espionage campaign targeting a telecommunications firm in the Middle East. While investigating a set of binaries vulnerable to sideloading attacks, we identified a cyber-espionage operation most likely carried out by Chinese threat actor BackdoorDiplomacy.

Who is BackdoorDiplomacy?

APT group BackdoorDiplomacy, which has been operating at least since 2017, is known for its attacks against institutions in the Middle East and Africa as well as in the United States.

This report covers another campaign against a telecom company in the Middle East. It also documents a set of new tools the group adopted in 2022.

Attack at a glance

  • The infection vector pointed to a vulnerable Exchange server exploited via ProxyShell. Forensic evidence shows the attack started in August 2021, when the group deployed the NPS proxy tool and the IRAFAU backdoor inside the organization.
  • Starting in February 2022, the threat actors used another tool, the Quarian backdoor, along with several other scanners and proxy/tunneling tools.
  • Artifacts reveal the use of keyloggers and exfiltration tools that link this campaign to a cyber-espionage operation.

Indicators of Compromise

An up-to-date, complete list of indicators of compromise is available to Bitdefender Advanced Threat Intelligence users. Currently known indicators of compromise can be found in the whitepaper below.

Download the whitepaper

Author

Adrian SCHIPOR, Victor VRABIE

December 06, 2022