Threat Intelligence Feed

G0135 – BackdoorDiplomacy

G0135 – BackdoorDiplomacy is a cyber espionage threat group that has been active since at least 2017. BackdoorDiplomacy is an advanced persistent threat (APT) group with roots in China and is most likely behind a hostile campaign targeting the Middle East. It has been targeting Ministries of Foreign Affairs and telecommunication companies in Africa and the Middle East. For initial infection vectors, the group favors exploiting vulnerable internet-exposed devices such as web servers and management interfaces for networking equipment. Once on a system, its operators make use of open-source tools for scanning the environment and for lateral movement. Interactive access is achieved in two ways: (1) via a custom backdoor called Turian, which is derived from the Quarian backdoor; and (2) in fewer instances, when more direct and interactive access is required, via certain open-source remote access tools. In several instances, the group has been observed targeting removable media for data collection and exfiltration.

To stay protected against threats like BackdoorDiplomacy, organizations and individuals should adhere to best practices. These include regular software updates (particularly for internet-exposed web servers and network-device management interfaces), employee training on recognizing phishing attempts, the use of strong and unique passwords, network segmentation, and the deployment of advanced threat detection and response solutions.

Given the rapidly evolving nature of cyber threats, it’s essential to stay informed about the latest developments in the cybersecurity landscape through reputable sources, cybersecurity firms, and official security advisories. By remaining vigilant and proactive, you can better protect your systems and data against emerging threats like G0135 – BackdoorDiplomacy.