• About Us
  • Advertising
  • Digital Magazine
  • Supplements
  • Media Pack
  • Privacy Policy
  • Contact us
CXO Insight Middle East
  • News
  • Opinion
  • Business
    • Industries
      • Transport
      • Retail
      • Government
      • Real Estate
      • Education
      • Energy
      • Banking and Finance
    • Channel
  • Future
    • Tech
    • Gadgets
    • Science
    • Space
    • Sustainability
  • Events
    • Channel Insights Summit 2025
    • Insight Innovation Summit
    • CXO50 Oman
    • CXO50
    • ICT Awards
      • Dubai 2025
      • Saudi Arabia
    • Cyber Strategists Summit
    • Cloud Connect 2025
    • Channel Awards 2024
    • All events
  • GITEX
  • Digital Magazine
No Result
View All Result
CXO Insight Middle East
  • News
  • Opinion
  • Business
    • Industries
      • Transport
      • Retail
      • Government
      • Real Estate
      • Education
      • Energy
      • Banking and Finance
    • Channel
  • Future
    • Tech
    • Gadgets
    • Science
    • Space
    • Sustainability
  • Events
    • Channel Insights Summit 2025
    • Insight Innovation Summit
    • CXO50 Oman
    • CXO50
    • ICT Awards
      • Dubai 2025
      • Saudi Arabia
    • Cyber Strategists Summit
    • Cloud Connect 2025
    • Channel Awards 2024
    • All events
  • GITEX
  • Digital Magazine
No Result
View All Result
CXO Insight Middle East
No Result
View All Result

ESET: New APT group BackdoorDiplomacy attacks diplomats in MEA

by CXO Staff
June 21, 2021
in News

ESET Research has uncovered a new APT group BackdoorDiplomacy that primarily targets Ministries of Foreign Affairs

cybercrime cyber hacking

ESET Research has uncovered a new APT group BackdoorDiplomacy that primarily targets Ministries of Foreign Affairs in the Middle East and Africa, and less frequently, telecommunication companies. Their attacks usually start by exploiting vulnerable internet-exposed applications on webservers in order to install a custom backdoor that ESET is calling Turian. BackdoorDiplomacy can detect removable media, most likely USB flash drives, and copy their contents to the main drive’s recycle bin. The research was exclusively previewed at the annual ESET World conference this week.

ESET“BackdoorDiplomacy shares tactics, techniques, and procedures with other Asia-based groups. Turian likely represents a next stage evolution of Quarian, the backdoor last observed in use in 2013 against diplomatic targets in Syria and the United States,” said Jean-Ian Boutin, Head of Threat Research at ESET, who worked on this investigation along with Adam Burgher, Senior Threat Intelligence Analyst at ESET.

Turian’s network encryption protocol is nearly identical to the network encryption protocol used by Whitebird, a backdoor operated by Calypso, another Asia-based group. Whitebird was deployed within diplomatic organizations in Kazakhstan and Kyrgyzstan during the same timeframe as BackdoorDiplomacy (2017-2020).

Victims of BackdoorDiplomacy have been discovered in the Ministries of Foreign Affairs of several African countries, as well as in Europe, the Middle East, and Asia. Additional targets include telecommunications companies in Africa, and at least one Middle Eastern charity. In each case, operators employed similar tactics, techniques, and procedures (TTPs), but modified the tools used, even within close geographic regions, likely to make tracking the group more difficult.

BackdoorDiplomacy is also a cross-platform group targeting both Windows and Linux systems. The group targets servers with internet-exposed ports, likely exploiting poorly enforced file-upload security or unpatched vulnerabilities – in one instance leading to a webshell, called China Chopper, used by various groups. The operators attempted to disguise their backdoor droppers and evade detection.

A subset of victims was targeted with data collection executables that were designed to look for removable media (most likely USB flash drives). The implant routinely scans for such drives and, upon detecting insertion of removable media, attempts to copy all the files on them to a password-protected archive. BackdoorDiplomacy is capable of stealing the system information of the victim, taking screenshots, and writing, moving, or deleting files.

Tags: cybercrimeCybersecurityESETfeatured4
ShareTweet

Related Posts

ManageEngine appoints Sujoy Banerjee as UAE regional business director
Business

ManageEngine appoints Sujoy Banerjee as UAE regional business director

ManageEngine has appointed Sujoy Banerjee as its regional business director for the UAE. In this new role, Banerjee will oversee...

July 8, 2025
Omantel, UAE’s du launch high-capacity subsea cable
Future

Omantel, UAE’s du launch high-capacity subsea cable

Omantel and UAE's du have officially launched the Oman Emirates Gateway (OEG)—a 275-kilometre international fibre optic submarine cable system that...

July 8, 2025

Discussion about this post

Latest Issue

UAE announces AI-driven strategic planning cycle to accelerate 2031 vision

UAE announces AI-driven strategic planning cycle to accelerate 2031 vision

July 8, 2025
ManageEngine appoints Sujoy Banerjee as UAE regional business director

ManageEngine appoints Sujoy Banerjee as UAE regional business director

July 8, 2025
Omantel, UAE’s du launch high-capacity subsea cable

Omantel, UAE’s du launch high-capacity subsea cable

July 8, 2025

The most trusted source of strategic intelligence for IT decision makers in the Middle East.

About

  • About Us
  • Advertising
  • Digital Magazine
  • Supplements
  • Media Pack
  • Contact Us

Policies

  • Privacy Policy

© 2024 – CXO Insight Middle East. All Rights Reserved.

Facebook-f X-twitter Linkedin
Separated they live in Bookmarksgrove right at the coast of the Semantics, a large language ocean. A small river named Duden.

About

  • About Us
  • Site Map
  • Contact Us
  • Career

Policies

  • Help Center
  • Privacy Policy
  • Cookie Setting
  • Term Of Use

Join Our Newsletter

© 2024 – CXO Insight Middle East. All Rights Reserved.

Facebook-f Twitter Youtube Instagram

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Join our mailing list
Sign up here to get the latest news, updates and special offers delivered directly to your inbox.
No Result
View All Result
  • News
  • Opinions
  • Business
    • Industries
      • Transport
      • Retail
      • Government
      • Real Estate
      • Education
      • Energy
      • Banking and Finance
  • Channel
  • Future
    • Tech
    • Gadgets
    • Science
    • Space
    • Sustainability
  • Events
    • Channel Insights Summit 2025
    • Insight Innovation Summit
    • CX50 Oman
    • CXO50
    • ICT Awards
      • Dubai
      • Saudi Arabia
    • Cyber Strategists Summit
    • Cloud Connect 2025
    • Channel Awards 2023
    • All events
  • Videos
  • GITEX GLOBAL
  • Digital Magazine

© 2024 - CXO Insight Middle East. All Rights Reserved.