The APT group has been active since 2017 and targets organizations in Africa, Asia, and the Middle East. It gains initial access by exploiting vulnerable internet-exposed devices, such as the management interfaces of networking equipment and web servers, and then uses open-source tools to scan the environment and move laterally.
Interactive access is achieved in two ways:
Both Windows and Linux operating systems have been targeted by this APT.
CloudComputing is another group that is linked to this APT group. BackdoorDiplomacy uses a network encryption method similar to that of a backdoor Dr.Web calls “Backdoor.Whitebird.1.” That backdoor has been used to target institutions in Kyrgyzstan and Kazakhstan (both neighbors of a BackdoorDiplomacy victim in Uzbekistan).