The Cyber Security News
Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks

January 18, 2023

The threat actor tracked as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022.

Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the government domains attempting to connect to malware infrastructure previously identified as associated with the adversary.

Also known by the names APT15, KeChang, NICKEL, and Vixen Panda, the Chinese APT group has a history of cyber espionage campaigns aimed at government and diplomatic entities across North America, South America, Africa, and the Middle East since at least 2010.

Slovak cybersecurity firm ESET, in June 2021, detailed the intrusions mounted by the hacking crew against diplomatic entities and telecommunication companies in Africa and the Middle East using a custom implant known as Turian.

Then in December 2021, Microsoft announced the seizure of 42 domains operated by the group in its attacks targeting 29 countries, while pointing out its use of exploits against unpatched systems to compromise internet-facing web applications such as Microsoft Exchange and SharePoint.

The threat actor was most recently attributed to an attack on an unnamed telecom company in the Middle East using Quarian, a predecessor of Turian that provides a degree of remote access into targeted networks.

Turian “remains under active development and we assess that it is used exclusively by Playful Taurus actors,” Unit 42 said in a report shared with The Hacker News, adding it found new variants of the backdoor used in attacks singling out Iran.

The cybersecurity company further noted that it observed four different Iranian organizations, including the Ministry of Foreign Affairs and the Natural Resources Organization, reaching out to a known command-and-control (C2) server attributed to the group.

“The sustained daily nature of these connections to Playful Taurus managed infrastructure suggests a likely compromise of these networks,” it said.
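The Unit 42 reasoning above is a detection pattern defenders can apply to their own egress logs: a single contact with a known-bad host is easy to dismiss, but the same host reaching that infrastructure day after day is a strong compromise signal. The following Python script is an added illustration of that logic, not code from Unit 42 or from this article. The indicator list, host names and log lines are constructed placeholders (the page publishes no C2 indicators), and the three-day threshold is an assumption to be tuned per environment.

```python
"""Flag hosts that contact known C2 infrastructure on a sustained, daily basis.

Added example: indicators and log lines below are CONSTRUCTED placeholders,
not real Playful Taurus infrastructure or real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Placeholder indicator set; in practice load vendor-published C2 domains/IPs.
KNOWN_C2 = {"c2-placeholder.example", "203.0.113.45"}

# Constructed proxy-style log lines: "<ISO timestamp> <source host> <destination>"
SAMPLE_LOG = """\
2022-12-01T08:12:03 mfa-ws-17 c2-placeholder.example
2022-12-01T09:40:11 mfa-ws-17 updates.example.org
2022-12-02T08:13:44 mfa-ws-17 c2-placeholder.example
2022-12-03T08:11:59 mfa-ws-17 203.0.113.45
2022-12-04T08:12:30 mfa-ws-17 c2-placeholder.example
2022-12-01T14:02:00 nro-srv-03 c2-placeholder.example
2022-12-09T14:05:12 nro-srv-03 c2-placeholder.example
2022-12-02T10:00:00 hr-laptop-8 intranet.example
"""

MIN_CONSECUTIVE_DAYS = 3  # assumption: how many days in a row count as "sustained"


def parse_log(text):
    """Yield (day, source, destination) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of aborting the whole run
        ts, src, dst = parts
        yield datetime.fromisoformat(ts).date(), src, dst


def c2_contact_days(text, indicators=KNOWN_C2):
    """Map each source host to the sorted list of days it reached an indicator."""
    days = defaultdict(set)
    for day, src, dst in parse_log(text):
        if dst in indicators:
            days[src].add(day)
    return {src: sorted(d) for src, d in days.items()}


def longest_daily_run(days):
    """Length of the longest run of consecutive calendar days in a sorted day list."""
    best = run = 0
    prev = None
    for day in days:
        run = run + 1 if prev is not None and day - prev == timedelta(days=1) else 1
        best = max(best, run)
        prev = day
    return best


def sustained_beacons(text, min_days=MIN_CONSECUTIVE_DAYS, indicators=KNOWN_C2):
    """Return {source: consecutive_days} for hosts contacting C2 at least min_days in a row."""
    result = {}
    for src, days in c2_contact_days(text, indicators).items():
        run = longest_daily_run(days)
        if run >= min_days:
            result[src] = run
    return result


if __name__ == "__main__":
    for host, run in sustained_beacons(SAMPLE_LOG).items():
        print(f"ALERT {host}: {run} consecutive days of contact with known C2")
```

On the constructed sample, only mfa-ws-17 is raised (four consecutive days); nro-srv-03 touched the same indicator twice but eight days apart, so it stays below the threshold, which is exactly the distinction the "sustained daily" wording draws. Grouping by calendar day rather than counting raw hits keeps a chatty single-day retry burst from looking like persistence.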

The new versions of the Turian backdoor feature added obfuscation as well as an updated decryption algorithm used to extract the C2 servers. That said, the malware itself is generic in that it offers basic functions to update the C2 server to connect to, execute commands, and spawn reverse shells.

BackdoorDiplomacy’s interest in targeting Iran is said to have geopolitical dimensions, as it comes against the backdrop of a 25-year comprehensive cooperation agreement signed between China and Iran to foster economic, military, and security cooperation.

“Playful Taurus continues to evolve their tactics and their tooling,” researchers said. “Recent upgrades to the Turian backdoor and new C2 infrastructure suggest that these actors continue to see success during their cyber espionage campaigns.”



Some parts of this article are sourced from: thehackernews.com
