New APT group is targeting diplomats: ESET researchers have tracked and analyzed the activities of the hacker group in Europe, Asia and Africa.
ESET researchers have discovered a new APT group called BackdoorDiplomacy. The group primarily targets foreign ministries in the Middle East and Africa, but it has also become active in Germany and Austria.
Also activities in Germany
Their attacks usually start by exploiting vulnerable applications on web servers to install a custom backdoor that ESET calls Turian. The researchers of the European IT security vendor have published their findings online on WeLiveSecurity. “BackdoorDiplomacy shares tactics, techniques and procedures with other groups from Asia. The Turian malware used is probably a further development of Quarian. That malware was used in 2013 to attack diplomatic targets in Syria and the USA,” says Jean-Ian Boutin, Head of Threat Research at ESET. He worked on these investigations together with Adam Burgher, Senior Threat Intelligence Analyst at ESET.
Targets in Europe too
Foreign ministries of several African countries as well as institutions in Europe, the Middle East and Asia were victims of the APT group BackdoorDiplomacy. Other targets include telecommunications companies and at least one charity. In each of these cases, the attackers used similar tactics, techniques, and procedures (TTPs). However, they modified the tools used, even within narrow geographic areas, which is likely intended to make the group harder to track.
Windows and Linux systems are attacked
BackdoorDiplomacy operates across platforms: both Windows and Linux systems are attacked by the group. The attackers target servers with ports exposed to the Internet. According to the ESET researchers, they exploit insecure file-upload handling or unpatched vulnerabilities to gain a foothold.
Some of the victims were attacked with purpose-built data collection programs that search for removable media on the compromised systems. When a drive is detected, all files on it are copied to a password-protected archive. BackdoorDiplomacy is also able to collect the victim's system information, take screenshots, and write, move or delete files.
More at ESET.com
About ESET
ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.