
Threat Actor Characterization

BackdoorDiplomacy

ID: 57bfb6a722a7586cfde6442edc8896cf17277
Cybercrime State-Sponsored
Threat types: Intrusion, Espionage, Phishing
Unknown UNKNOWN
Updated: 2026-01-13
Created: 2025-10-21
Progress: 35% Completeness: 28% Freshness: 50%
Operation zone: UNKNOWN
Aliases
No aliases registered.
MITRE ATT&CK®

BackdoorDiplomacy is a cyber espionage threat group that has been active since at least 2017. BackdoorDiplomacy has targeted Ministries of Foreign Affairs and telecommunication companies in Africa, Europe, the Middle East, and Asia. Ref: https://attack.mitre.org/groups/G0135/


| Technique | Technique name | Tactics | Evidence |
|---|---|---|---|
| T1036.004 | Masquerade Task or Service | TA0005 | Masquerading: Masquerade Task or Service - BackdoorDiplomacy has disguised their backdoor droppers with naming conventions designed to blend into normal operations. |
| T1036.005 | Match Legitimate Resource Name or Location | TA0005 | Masquerading: Match Legitimate Resource Name or Location - BackdoorDiplomacy has dropped implants in folders named for legitimate software. |
| T1055.001 | Dynamic-link Library Injection | TA0004, TA0005 | Process Injection: Dynamic-link Library Injection - BackdoorDiplomacy has dropped legitimate software onto a compromised host and used it to execute malicious DLLs. |
| T1074.001 | Local Data Staging | TA0009 | Data Staged: Local Data Staging - BackdoorDiplomacy has copied files of interest to the main drive's recycle bin. |
| T1505.003 | Web Shell | TA0003 | Server Software Component: Web Shell - BackdoorDiplomacy has used web shells to establish an initial foothold and for lateral movement within a victim's system. |
| T1574.001 | DLL | TA0003, TA0004, TA0005 | Hijack Execution Flow: DLL - BackdoorDiplomacy has executed DLL search order hijacking. |
| T1588.001 | Malware | TA0042 | Obtain Capabilities: Malware - BackdoorDiplomacy has obtained and used leaked malware, including DoublePulsar, EternalBlue, EternalRocks, and EternalSynergy, in its operations. |
| T1588.002 | Tool | TA0042 | Obtain Capabilities: Tool - BackdoorDiplomacy has obtained a variety of open-source reconnaissance and red team tools for discovery and lateral movement. |