
Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks
2023-01-18 11:05

The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022.

Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the government domains attempting to connect to malware infrastructure previously identified as associated with the adversary.

Slovak cybersecurity firm ESET, in June 2021, unpacked the intrusions mounted by the hacking crew against diplomatic entities and telecommunication companies in Africa and the Middle East using a custom implant known as Turian.

The threat actor was most recently attributed to an attack on an unnamed telecom company in the Middle East using Quarian, a predecessor of Turian that provides a point of remote access into targeted networks.

Turian "remains under active development and we assess that it is used exclusively by Playful Taurus actors," Unit 42 said in a report shared with The Hacker News, adding it discovered new variants of the backdoor used in attacks singling out Iran.

"Recent upgrades to the Turian backdoor and new C2 infrastructure suggest that these actors continue to see success during their cyber espionage campaigns."


News URL

https://thehackernews.com/2023/01/iranian-government-entities-under.html