BackdoorDiplomacy, also known as Playful Taurus, APT15, Vixen Panda, and NICKEL, is a Chinese advanced persistent threat (APT) group. This threat actor has been involved in cyber espionage campaigns, primarily targeting government entities, telecommunication, and finance organizations. The group's activities have been traced back to several significant campaigns such as Operation Tainted Love and Earth Estries. BackdoorDiplomacy's attacks are characterized by their strategic nature, with the intent of supporting China's geostrategic ambitions and shaping policies and narratives that align with its objectives.
The group's operations span multiple continents, with a particular focus on Africa. Countries such as South Africa, Kenya, Senegal, and Ethiopia have been notable targets in these campaigns. Security researcher Tom Hegel highlighted that the targeted intrusions by BackdoorDiplomacy indicate a deliberate intention to establish China as a pivotal force in Africa's digital evolution. In one instance, BackdoorDiplomacy operated across Africa in a three-year campaign targeting governmental organizations in Kenya, using tactics similar to those deployed in Operation Tainted Love.
Investigations into BackdoorDiplomacy's activities revealed a series of artifacts linking the group to the QSC framework and CloudComputating. Cybersecurity research identified a set of binaries vulnerable to sideloading attacks, suggesting a cyber-espionage operation most likely carried out by BackdoorDiplomacy. The disclosure of these activities coincided with reports detailing sustained strategic intrusions by Chinese threat actors in Africa, including those aimed at telecommunication, finance, and government sectors.
Description last updated: 2024-11-08T15:16:19.877Z