New cybersecurity attacks target Africa diplomatic missions

The new attacks are targeting Ministries of Foreign Affairs and telecommunication companies in Africa.

In Summary

• The new malware variant called Turian was uncovered by ESET, a global IT security software and service provider.

• "The investigation and findings reveal that the BackdoorDiplomacy group is executing a cross-platform attack approach that targets both Windows and Linux systems," ESET said in a statement on Tuesday.


A new cybersecurity attack is targeting diplomatic missions in Africa and the Middle East.

The new malware variant called Turian was uncovered by ESET, a global IT security software and service provider.

According to ESET, the attacks are aimed at Ministries of Foreign Affairs and telecommunication companies in Africa and the Middle East.

"The investigation and findings reveal that the BackdoorDiplomacy group is executing a cross-platform attack approach that targets both Windows and Linux systems," ESET said in a statement on Tuesday.

According to the IT firm, the attacks usually start by exploiting vulnerable internet-exposed applications on webservers in order to install a custom backdoor that ESET has called Turian.

Furthermore, the group can detect removable media, most likely USB flash drives, and copy their contents to the main drive’s recycle bin.

"The attacks targeted data collection executables and are designed to look for removable media (most likely USB flash drives). The implant routinely scans for such drives and, upon detecting insertion of removable media, attempts to copy all the files on them to a password-protected archive. It is capable of stealing the system information, taking screenshots, and writing, moving, or deleting files," ESET added.

Speaking on the sidelines of the ESET World Conference where the investigation report was tabled, ESET Channel Manager East Africa, Ken Kimani, said that, "by definition, an advanced persistent threat is an attack by an unauthorized user who gains access to a system or network and remains there for an extended period of time without being detected, giving them continued access to sensitive data that they seek to steal."

He added that, "The group is targeting servers with internet-exposed ports and likely exploiting poorly enforced file-upload security or unpatched vulnerabilities which leave missions and organizations exposed, leading to loss of sensitive data."

Kimani said the victims of BackdoorDiplomacy have been discovered in the Ministries of Foreign Affairs of several African countries, as well as in Europe, the Middle East, and Asia.

Additional targets include telecommunications companies in Africa, and at least one Middle Eastern charity. 
