BackdoorDiplomacy

Threat Actor updated 3 months ago (2024-06-05T15:17:30.504Z)
BackdoorDiplomacy, also known as Playful Taurus, APT15, Vixen Panda, KeChang, and NICKEL, is a threat actor group associated with Chinese cyber espionage campaigns. This group has been particularly active in Africa, targeting high-priority organizations in telecommunications, finance, and government sectors, especially in South Africa, Kenya, Senegal, and Ethiopia. Their activities have been linked to China's strategic ambitions in shaping policies and narratives that align with its geopolitical objectives, thus playing a significant role in Africa's digital evolution.

The group's activities have been tracked under various names, including BackdoorDiplomacy, Cluster Alpha, and TA428, reflecting the complex and evolving nature of their operations. They have demonstrated a capacity for upgrading their tools, as evidenced by their shift from Quarian to Turian. They are also known for conducting new attacks against telecommunication, finance, and government entities, which have been attributed to both the BackdoorDiplomacy APT and the group behind Operation Tainted Love.

These groups' activities have been detailed in multiple reports, including those by ESET, Bitdefender, and SentinelOne, highlighting their sustained strategic intrusions in Africa. The disclosure of these activities coincided with a parallel report detailing similar tactics used by other China-linked APT groups, including Earth Estries and Operation Tainted Love. These findings underscore the persistent and pervasive threat posed by these actors to global cybersecurity.
Description last updated: 2024-06-05T15:15:38.618Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Espionage
Source Document References
Information about the BackdoorDiplomacy Threat Actor was read from the documents corpus below.
| Source | Created | Title |
| --- | --- | --- |
| BankInfoSecurity | 3 months ago | Chinese South China Sea Cyberespionage Campaign Unearthed |
| CERT-EU | a year ago | Cyber Soft Power : China's Continental Takeover – Global Security Mag Online |
| CERT-EU | a year ago | Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents |
| DARKReading | a year ago | Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns |
| Unit42 | 2 years ago | Chinese Playful Taurus Activity in Iran |
| Bitdefender | 2 years ago | BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign |
| CERT-EU | a year ago | Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers |