The latest ESET research in 2021 found backdoors targeting Ministries of Foreign Affairs (Kemenlu) from Asia to Africa and telecommunications companies. This backdoor is known as Backdoor Diplomacy.
The Advanced Persistent Threat (APT) group behind it has recently chosen its attack targets very carefully: ministries of foreign affairs, which sit inside government networks, and telecommunications companies, which are hubs of data traffic. These are not targets picked at random.
Victims of Backdoor Diplomacy have been found in the Ministry of Foreign Affairs of several African, European, Middle East and Asian countries. Additional targets include telecom companies in Africa, and at least one Middle Eastern charity.
“BackdoorDiplomacy shares tactics, techniques and procedures with other groups based in Asia,” said Jean-Ian Boutin, Head of Threat Research at ESET.
Data from the Ministry of Foreign Affairs targeted by online thieves
BackdoorDiplomacy is capable of stealing victim system information, taking screenshots, and writing, moving, or deleting files. Because it targets government and large corporate networks, the consequences of an intrusion and of the theft of this data are anything but simple, since they include:
- Theft of intellectual property, for example trade secrets or patents
- Compromise of sensitive information, such as the personal data of employees and users
- Sabotage of critical organizational infrastructure, such as deletion of databases
The impact of an APT attack is never simple and can be felt in the long term, because state secrets always touch on politics, the economy, society and the military.
“Running an APT attack requires more resources than a standard web application attack. The perpetrators are usually a team of experienced cyber criminals who have substantial financial backing,” said Yudhi Kukuh, IT Security Consultant at PT Prosperita Mitra Indonesia.
APT attacks differ from traditional web application threats in that they are significantly more complex. They are not hit-and-run: once the network is compromised, the perpetrators stay behind to gather as much information as possible.
These attacks are usually executed manually (not automated) against a specific target, rather than launched indiscriminately against a large number of targets. In addition, they often aim to infiltrate the entire network, not just one particular section.
Tighten the security system
This kind of infiltration will continue; the theft of valuable information and state secrets will not stop. What must be done now is to keep strengthening and tightening the security system so that it cannot be penetrated. Here are some things to do:
- Monitor incoming and outgoing traffic. This is considered a best practice for preventing backdoor installation and for blocking the extraction of stolen data
- Control the domains accessible from the network, as well as the applications that users can install. This is another useful way to reduce the success rate of APT attacks by minimizing the attack surface
- Patch network software and OS vulnerabilities as quickly as possible
- Encrypt remote connections to prevent intruders from piggybacking on them to infiltrate the site
- Filter incoming email to prevent spam and phishing attacks targeting the network.
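The first two recommendations above (watch outgoing traffic, and restrict which domains the network may reach) can be put into practice with a small egress-monitoring check. The script below is an added example, not code from the article or from ESET: it reads constructed outbound-flow records, flags any host talking to a domain outside an approved list, and flags any host whose total outbound volume crosses a threshold, which is the pattern a backdoor exfiltrating screenshots and files would produce. The log format, the approved domains and the 500 MiB threshold are all assumptions chosen for illustration.

```python
"""Egress monitoring sketch: flag outbound connections to unapproved domains
and unusually large outbound transfers from a single host.

Added example. The record format, the domain allowlist and the volume
threshold below are constructed for illustration; they are not from the
article or from ESET's research.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample egress records: "timestamp host dst_domain bytes_out".
# fs-002 talks to an unknown domain and pushes out more than 1 GiB in minutes.
SAMPLE_EGRESS_LOG = """\
2021-06-10T08:01:02Z ws-017 updates.example-vendor.test 5120
2021-06-10T08:01:40Z ws-017 mail.example-org.test 20480
2021-06-10T08:02:15Z fs-002 cdn.unknown-host.test 734003200
2021-06-10T08:02:50Z ws-031 mail.example-org.test 1024
2021-06-10T08:03:05Z fs-002 cdn.unknown-host.test 419430400
2021-06-10T08:04:00Z ws-031 status.example-vendor.test 2048
"""

# Domains the organisation has explicitly approved for outbound traffic (constructed).
APPROVED_DOMAINS = {
    "updates.example-vendor.test",
    "status.example-vendor.test",
    "mail.example-org.test",
}

# Per-host outbound volume above which the traffic is treated as possible
# exfiltration (constructed threshold; tune to the environment's baseline).
EXFIL_BYTES_THRESHOLD = 500 * 1024 * 1024  # 500 MiB


@dataclass(frozen=True)
class Finding:
    kind: str    # "unapproved_domain" or "volume_exceeded"
    host: str
    detail: str


def parse_egress_log(text):
    """Parse whitespace-separated flow records into (ts, host, domain, bytes) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, host, domain, nbytes = line.split()
        records.append((ts, host, domain, int(nbytes)))
    return records


def analyse_egress(records, approved=APPROVED_DOMAINS, threshold=EXFIL_BYTES_THRESHOLD):
    """Return findings for unapproved destinations and for hosts over the volume threshold."""
    findings = []
    bytes_per_host = defaultdict(int)
    seen_unapproved = set()
    for ts, host, domain, nbytes in records:
        bytes_per_host[host] += nbytes
        # Report each (host, domain) pair once, with the time it was first seen.
        if domain not in approved and (host, domain) not in seen_unapproved:
            seen_unapproved.add((host, domain))
            findings.append(Finding("unapproved_domain", host, f"{domain} first seen {ts}"))
    # Volume findings are emitted after the pass so totals cover the whole window.
    for host, total in sorted(bytes_per_host.items()):
        if total > threshold:
            findings.append(Finding("volume_exceeded", host, f"{total} bytes outbound"))
    return findings


if __name__ == "__main__":
    for finding in analyse_egress(parse_egress_log(SAMPLE_EGRESS_LOG)):
        print(f"[{finding.kind}] {finding.host}: {finding.detail}")
```

On the sample data only fs-002 is reported, once for reaching a domain outside the allowlist and once for exceeding the volume threshold; the two workstations stay quiet because they only talk to approved domains in small amounts. In a real deployment the records would come from firewall or proxy logs and the allowlist from the organisation's own domain policy.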