Turian Backdoor

Turian Backdoor Description

The Turian Backdoor is a new custom-made threat employed in attacks by a previously unknown hacker group. This newly identified threat actor has been dubbed BackdoorDiplomacy and is believed to have been active since at least 2017. The setup and infrastructure of the group's operations point towards it being a state-sponsored APT (Advanced Persistent Threat). The highly localized set of victims also supports this conjecture.

So far, BackdoorDiplomacy has carried out attacks against government institutions such as the Ministries of Foreign Affairs of multiple African countries, as well as targets in Europe, the Middle East, and Asia. The group has also breached several telecommunications firms operating in Africa and at least one charity organization in the Middle East.

As for the Turian Backdoor, it is just one of the numerous threatening instruments that comprise BackdoorDiplomacy's malware kit. Initial analysis reveals that the threat was developed based on the Quarian backdoor, a malware tool that was leveraged against diplomatic targets in a series of attacks back in 2013. The Turian Backdoor is also essential for exfiltrating any information siphoned from the compromised systems; after all, the main goal of the BackdoorDiplomacy hackers is to collect data from their targets. As such, the main payload delivered to the infected victims is capable of collecting and uploading system data, taking arbitrary screenshots, and manipulating the file system (moving, deleting, creating, and collecting files).

Information stored on removable media such as flash drives is also at risk. The files stored there are copied and assembled into a password-protected archive, which the Turian Backdoor then uploads to the Command-and-Control server.