Jakarta, COTEKNO.COM – According to the latest ESET research in 2021, a backdoor called ‘Backdoor Diplomacy’ is targeting Ministries of Foreign Affairs from Asia to Africa, as well as telecommunications companies. A backdoor is an attack mechanism that can be used to access a system, application, or network outside the commonly used mechanisms.
Jean-Ian Boutin, Head of Threat Research at ESET, explained that this Advanced Persistent Threat (APT) group chooses its targets carefully, such as Ministries of Foreign Affairs (Kemenlu), which are part of government networks, and telecommunications companies, so its targets are not random like those of most cybercriminals so far.
“Victims of this attack have been found in several African Foreign Ministries, as well as in Europe, the Middle East and Asia. Additional targets include telecom companies in Africa, and at least one Middle Eastern charity. And what makes it even more dangerous, Backdoor Diplomacy is sharing tactics, techniques, and procedures with other groups based in Asia,” said Jean in a statement, Friday (11/6).
The investigation found that the operators used similar tactics, techniques and procedures (TTPs) but modified the tools used, even within close geographic areas, likely to make tracking the group more difficult.
BackdoorDiplomacy is also a cross-platform group, targeting both Windows and Linux systems. The group targets servers with ports exposed to the internet, possibly exploiting poorly secured file uploads or unpatched vulnerabilities.
“Some of the victims were targeted with data collection executables designed to search for removable media (most likely USB flash drives). They will routinely scan the drive; upon detecting the insertion of removable media, it then tries to copy all the files on it to a password-protected archive. BackdoorDiplomacy is able to steal victim system information, take screenshots, and write, move, or even delete files,” said Jean.
Meanwhile, Yudhi Kukuh, IT Security Consultant at PT Prosperita Mitra Indonesia, explained that because the attacks target government and large corporate networks, the consequences of intrusion and data theft will be very complicated, since the data at stake is important and highly valuable.
APT attacks are never simple, and their impact can be felt over the long term, because state secrets always relate to political, economic, social and military matters.
“Running an APT attack requires more resources than a standard web application attack. The perpetrators are usually a team of experienced cybercriminals who have substantial financial backing,” he said.
APT attacks also differ from traditional web application threats in that they are significantly more complex. They are not hit-and-run attacks: once the network is compromised, the perpetrator stays to gather as much information as possible, and the attack is executed manually (not automatically).