Threat Actor Profile
High APT
Description

BackdoorDiplomacy is a cyber espionage threat group that has been active since at least 2017. BackdoorDiplomacy has targeted Ministries of Foreign Affairs and telecommunication companies in Africa, Europe, the Middle East, and Asia.(Citation: ESET BackdoorDiplomacy Jun 2021)

Confidence Score
90%
Known Aliases
BackdoorDiplomacy
Tags
mitre-attack stix-2.1 intrusion-set
First Seen

Unknown

Last Updated

Unknown

Active Status
Active
Created

April 29, 2026

MITRE ATT&CK Techniques (15)
T1074.001 - Local Data Staging
Collection
T1095 - Non-Application Layer Protocol
Command and Control
T1105 - Ingress Tool Transfer
Command and Control
T1027 - Obfuscated Files or Information
Defense Evasion
T1036.004 - Masquerade Task or Service
Defense Evasion
T1036.005 - Match Legitimate Resource Name or Locat…
Defense Evasion
T1055.001 - Dynamic-link Library Injection
Defense Evasion
T1046 - Network Service Discovery
Discovery
T1049 - System Network Connections Discovery
Discovery
T1120 - Peripheral Device Discovery
Discovery
T1190 - Exploit Public-Facing Application
Initial Access
T1505.003 - Web Shell
Persistence
T1574.001 - DLL
Persistence
T1588.001 - Malware
Resource Development
T1588.002 - Tool
Resource Development
Indicators of Compromise

Loading IOCs…

IOC KQL for Sentinel
STIX Data 
{'aliases': ['BackdoorDiplomacy'],
 'created': '2021-09-21T14:52:49.596Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) is '
                'a cyber espionage threat group that has been active since at '
                'least 2017. '
                '[BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) '
                'has targeted Ministries of Foreign Affairs and '
                'telecommunication companies in Africa, Europe, the Middle '
                'East, and Asia.(Citation: ESET BackdoorDiplomacy Jun 2021)',
 'external_references': [{'external_id': 'G0135',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0135'},
                         {'description': 'Adam Burgher. (2021, June 10). '
                                         'BackdoorDiplomacy: Upgrading from '
                                         'Quarian to Turian. Retrieved '
                                         'September 1, 2021',
                          'source_name': 'ESET BackdoorDiplomacy Jun 2021',
                          'url': 'https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/'}],
 'id': 'intrusion-set--9735c036-8ebe-47e9-9c77-b0ae656dab93',
 'modified': '2025-04-25T14:48:58.613Z',
 'name': 'BackdoorDiplomacy',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_contributors': ['Zaw Min Htun, @Z3TAE'],
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.0'}
Quick Actions
Related TTPs (15)
Local Data Staging
Collection
Non-Application Layer Protocol
Command and Control
Ingress Tool Transfer
Command and Control
Obfuscated Files or Informati…
Defense Evasion
Masquerade Task or Service
Defense Evasion
View All 15 TTPs
Back to Threat Actors
Dashboard Home