BackdoorDiplomacy
Overview
BackdoorDiplomacy is a cyber espionage threat group that has been active since at least 2017. BackdoorDiplomacy has targeted Ministries of Foreign Affairs and telecommunication companies in Africa, Europe, the Middle East, and Asia.
Targets
Government · Telecommunications
Regions
Albania · Croatia · Georgia · Iran · Libya · Namibia · Poland · Qatar · Saudi Arabia · Sri Lanka · Sudan · Uzbekistan
Capabilities
- Exploitation of public-facing / client applications — ATT&CK T1190
TTPs — 15 techniques across 7 tactics
Initial Access
Persistence
- T1505.003 Web Shell
Stealth
- T1027 Obfuscated Files or Information
- T1036.004 Masquerade Task or Service
- T1036.005 Match Legitimate Resource Name or Location
- T1055.001 Dynamic-link Library Injection
- T1574.001 DLL
Discovery
Collection
- T1074.001 Local Data Staging
Command and Control
- T1095 Non-Application Layer Protocol
- T1105 Ingress Tool Transfer
Tools & malware (5)
Turian · China Chopper · Mimikatz · NBTscan · QuasarRAT
Reporting (1)
- BackdoorDiplomacy: Upgrading from Quarian to Turian — Adam Burgher