BackdoorDiplomacy

Threat Actor Profile Updated 24 days ago
BackdoorDiplomacy, also tracked as Playful Taurus, APT15, Vixen Panda, KeChang, and NICKEL, is a Chinese advanced persistent threat group that conducts cyber espionage. It has operated in several parts of the world, with a notable concentration on government entities, high-value telecommunications providers, and financial organizations in Africa, particularly South Africa, Kenya, Senegal, and Ethiopia. Security researcher Tom Hegel has assessed that these targeted intrusions are meant to support China's efforts to shape policies and narratives in line with its geostrategic ambitions, positioning China as a defining force in Africa's digital evolution.

ESET has documented the group's move from its older Quarian backdoor to its successor, Turian, and with the new tooling it has launched fresh attacks against the telecommunications, finance, and government sectors. Some of this activity has been attributed both to BackdoorDiplomacy and to the threat group behind Operation Tainted Love; it was disclosed alongside a SentinelOne report on sustained strategic intrusions by Chinese threat actors in Africa. A further campaign ran for three years against government organizations in Kenya, using tactics similar to those seen in Operation Tainted Love. An investigation into binaries vulnerable to DLL side-loading concluded that this espionage operation was most likely the work of BackdoorDiplomacy.

The group's activity shows how these threats keep evolving and why robust defenses matter most in sectors and regions of strategic interest.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so the following are possible overlapping names or profiles that may also be worth reviewing.
ID | Votes | Profile Description
(none listed)
Miscellaneous Associations
Other elements of context that could aid in assessing relevance:
APT
Espionage
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the BackdoorDiplomacy threat actor was drawn from the document corpus below. This display is limited to 20 results.
Source, created, title:
Bitdefender, a year ago: BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign
Unit42, a year ago: Chinese Playful Taurus Activity in Iran
CERT-EU, a year ago: Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers
DARKReading, 8 months ago: Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns
CERT-EU, 8 months ago: Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents
CERT-EU, 8 months ago: Cyber Soft Power : China's Continental Takeover – Global Security Mag Online