"Playful Taurus Targeted Iranian Government Entities for Months"

According to research by Palo Alto Networks, the Chinese Advanced Persistent Threat (APT) group tracked as Playful Taurus, also known as APT15, KeChang, NICKEL, BackdoorDiplomacy, and Vixen Panda, targeted multiple Iranian government organizations between July and December 2022. During that period, Iranian government domains were observed attempting to connect to malware infrastructure previously linked to the threat actor. Palo Alto Networks stated that recent improvements to the Turian backdoor and new command-and-control (C2) infrastructure indicate that the group's cyber espionage operations continue to succeed. The analysis of the samples and of the connections to the malicious infrastructure suggests that Iranian government networks have likely been compromised. The company also warned that the threat actor has used similar tactics and techniques against government and diplomatic bodies in North and South America, Africa, and the Middle East. Researchers noted that in the recent operations against Iranian government entities, Playful Taurus used a new version of the Turian malware together with new C2 infrastructure. The new version of the backdoor features enhanced obfuscation, an altered network protocol, and an updated decryption algorithm. The backdoor can update its C2 communication, execute commands, and spawn reverse shells. This article continues to discuss the history and recent activities of the Playful Taurus APT group.

CSO Online reports "Playful Taurus Targeted Iranian Government Entities for Months"
