A report released by ESET researchers on June 10th details a threat group dubbed BackdoorDiplomacy, attributed to campaigns targeting the Ministries of Foreign Affairs of many African, Middle Eastern, and European countries. The report also notes attacks by BackdoorDiplomacy against private industry. Researchers noted links between the tactics of BackdoorDiplomacy and those of several other groups out of Asia using the Turian and Quarian backdoors. ESET goes as far as to claim a link to the “CloudComputating” group analyzed by Sophos earlier this year.
BackdoorDiplomacy uses a backdoor named Whitebird.1. BackdoorDiplomacy targets Internet-facing assets, specifically F5 BIG-IP, Microsoft Exchange Servers, and misconfigured Plesk servers. It should be noted that this group seems to be skilled at intrusions on Windows, Linux and other platforms, working in whatever environment the target leaves vulnerable.