BackdoorDiplomacy

Threat Actor updated 22 days ago (2024-11-29T14:18:12.884Z)
BackdoorDiplomacy, also known as Playful Taurus, APT15, Vixen Panda, and NICKEL, is a Chinese advanced persistent threat (APT) group. This threat actor has been involved in cyber espionage campaigns, primarily targeting government entities, telecommunication, and finance organizations. The group's activities have been traced back to several significant campaigns such as Operation Tainted Love and Earth Estries. BackdoorDiplomacy's attacks are characterized by their strategic nature, with the intent of supporting China's geostrategic ambitions and shaping policies and narratives that align with its objectives.

The group's operations span across multiple continents, with a particular focus on Africa. Countries such as South Africa, Kenya, Senegal, and Ethiopia have been notable targets in these campaigns. Security researcher Tom Hegel highlighted that the targeted intrusions by BackdoorDiplomacy indicate a deliberate intention to establish China as a pivotal force in Africa's digital evolution. In one instance, BackdoorDiplomacy operated across Africa in a three-year endeavor targeting governmental organizations in Kenya using tactics similar to those deployed in Operation Tainted Love.

Investigations into BackdoorDiplomacy's activities revealed a series of artifacts linking the group to the QSC framework and CloudComputating. Cybersecurity research identified a set of binaries vulnerable to sideloading attacks, suggesting a cyber-espionage operation most likely carried out by BackdoorDiplomacy. The disclosure of these activities coincided with reports detailing sustained strategic intrusions by Chinese threat actors in Africa, including those aimed at telecommunication, finance, and government sectors.
Description last updated: 2024-11-08T15:16:19.877Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Espionage
Source Document References
Information about the BackdoorDiplomacy Threat Actor was read from the documents corpus below.