• Russian speaking hacking group now shifting focus to government t

    From TechnologyDaily@1337:1/100 to All on Tuesday, December 02, 2025 18:30:08
    Russian speaking hacking group now shifting focus to government targets

    Date:
    Tue, 02 Dec 2025 18:29:00 +0000

    Description:
    The focus is now on stealth, long-term persistence, and cyber-espionage against government and similar organizations.

    FULL STORY ======================================================================
    Tomiris APT targets government bodies with multi-language malware implants
    Group hides C2 traffic in Telegram/Discord, using phishing for initial access
    Campaign focuses on state-level intelligence, hitting Russia and Central Asian institutions

    Tomiris, a Russian-speaking APT hacking group, has narrowed down its attack focus to target government ministries, intergovernmental organizations, and politically significant institutions.

    This is according to a new report from cybersecurity researchers Kaspersky, which claims that from early 2025, there has been a wave of intrusions in which Tomiris deployed a large arsenal of multi-language implants.

    The tools, written in Go, Rust, Python, and PowerShell (among others), were designed for flexibility and obfuscation, as well as to make attribution more difficult.

    Targeting Russian and Central Asian victims

    Tomiris is now hiding its command-and-control (C2) infrastructure in public services such as Telegram or Discord, it was said, which helps it hide malicious traffic inside normal, encrypted messaging flows.

    Several reverse shells, such as the Tomiris Python Discord ReverseShell or the Tomiris Python Telegram ReverseShell, rely completely on these platforms for both receiving commands and exfiltrating stolen data.

    Initial access is usually achieved via phishing, using rules written in Russian. Once the stage-one malware is deployed, the attackers would lurk, run system commands, and deploy stage-two malware. Kaspersky also said that frameworks such as Havoc and AdaptixC2 appear in later phases, and are used for persistence, lateral movement, and device takeover.

    More than half of Tomiris's phishing lures target Russian-speaking individuals or institutions, it was said. The rest are located in Central Asian nations such as Turkmenistan, Kyrgyzstan, Tajikistan, and Uzbekistan. Kaspersky also stresses that this is not opportunistic crime, but rather a campaign centered on state-level intelligence collection.

    "The evolution in tactics underscores the threat actor's focus on stealth, long-term persistence, and the strategic targeting of government and intergovernmental organizations," Kaspersky concludes. "The use of public services for C2 communications and multi-language implants highlights the need for advanced detection strategies, such as behavioral analysis and network traffic inspection, to effectively identify and mitigate such threats."

    Via The Hacker News
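
A sketch of the behavioral check the article points to, added here as an example (it is not code from Kaspersky, TechRadar or the original post): it flags processes other than expected chat clients and browsers that repeatedly contact Telegram or Discord. The domain list, the process allowlist, the log format and the sample lines are all assumptions constructed for illustration.

```python
import csv
import io

# Assumed for this example (hosts are not listed in the article): public
# Telegram and Discord domains used by bots, webhooks and file attachments.
MESSAGING_HOSTS = ("api.telegram.org", "discord.com", "discordapp.com", "discord.gg")

# Hypothetical allowlist of processes expected to reach those services.
EXPECTED_CLIENTS = {"telegram.exe", "discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed telemetry sample: time, host, process, destination, bytes_out
SAMPLE_LOG = """\
2025-01-10T09:00:01Z,ws-014,chrome.exe,discord.com,1820
2025-01-10T09:00:05Z,ws-022,python.exe,api.telegram.org,412
2025-01-10T09:01:05Z,ws-022,python.exe,api.telegram.org,398
2025-01-10T09:02:05Z,ws-022,python.exe,api.telegram.org,40960
2025-01-10T09:03:05Z,ws-022,python.exe,api.telegram.org,405
2025-01-10T09:03:30Z,ws-031,powershell.exe,discord.com,650
2025-01-10T09:04:00Z,ws-040,updater.exe,cdn.discordapp.com,300
2025-01-10T09:05:00Z,ws-040,updater.exe,cdn.discordapp.com,310
2025-01-10T09:06:00Z,ws-040,updater.exe,discord.com,5000
2025-01-10T09:06:30Z,ws-040,updater.exe,example.org,100
"""

def is_messaging_host(dest):
    """True for a listed domain or any of its subdomains."""
    dest = dest.lower().rstrip(".")
    return any(dest == h or dest.endswith("." + h) for h in MESSAGING_HOSTS)

def find_suspect_clients(log_text, min_connections=3):
    """Return {(host, process): stats} for unexpected processes that
    contacted a messaging platform at least min_connections times."""
    stats = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        _ts, host, proc, dest, bytes_out = row
        proc = proc.lower()
        if not is_messaging_host(dest) or proc in EXPECTED_CLIENTS:
            continue
        entry = stats.setdefault((host, proc), {"connections": 0, "bytes_out": 0, "dests": set()})
        entry["connections"] += 1
        entry["bytes_out"] += int(bytes_out)
        entry["dests"].add(dest.lower())
    return {k: v for k, v in stats.items() if v["connections"] >= min_connections}

if __name__ == "__main__":
    for (host, proc), s in find_suspect_clients(SAMPLE_LOG).items():
        print(host, proc, s["connections"], s["bytes_out"], sorted(s["dests"]))
```

The threshold and allowlist need tuning per environment; a single connection from a script interpreter may already merit review where these services are not used for business.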

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/russian-speaking-hacking-group-now-shifting-focus-to-government-targets


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)