Backdoordiplomacy Haker group, mentioned for the first time in 2021, was seen in the new wave of attacks on Iranian government institutions from July to the end of December 2022.
Specialists from the Unit 42 division Palo Alto Networks gave the group their own name “Playful Taurus” (from English “Playful Taurus”). They stated that they observed attempts by Iranian government domains to connect to the infrastructure of harmful software associated with attackers.
More recently, hackers were noticed in an attack on an unnamed telecommunication company in the Middle East. They took advantage of the malice of Quarian (predecessor Turian), which provides remote access to target networks.
Turian “remains at the stage of active development, and, according to our estimates, it is used exclusively by Playful Taurus hackers,” the Unit 42 report said that they observed four different Iranian organizations, including state -owned ones that applied To the famous command-administrative server (C2) attributed to this group.
“The daily nature of the infrastructure connections implies the likely compromising of these networks,” the report said.
New versions of Turian’s backdor contain additional obsc them, as well as an updated decryption algorithm used to extract C2 servers. However, the harmful software in itself is universal, since it offers basic functions for connecting, performing commands and starting the reverse shells.
It is argued that the interest of the Backdoordiplomacy group in Iran has geopolitical consequences. After all, all these attacks take place against the background of an agreement signed between China and Iran for the development of economic, military cooperation and cooperation in the field of security.
“Playful Taurus continues to develop its tactics and tools. Recent Backdor Turian Backdor updates and the new C2 infrastructure suggest that the group continues to succeed in their cyberspilation campaigns”, – the Unit 42.
researchers say