• Russian speaking hacking

    From Mike Powell@1:2320/105 to All on Wed Dec 3 10:11:47 2025
    Russian speaking hacking group now shifting focus to government targets

    Date:
    Tue, 02 Dec 2025 18:29:00 +0000

    Description:
    The focus is now on stealth, long-term persistence, and cyber-espionage
    against government and similar organizations.

    FULL STORY

    Tomiris, a Russian-speaking APT hacking group, has narrowed down its attack focus to target government ministries, intergovernmental organizations, and politically significant institutions.

    This is according to a new report from cybersecurity researchers Kaspersky, which claims that from early 2025, there has been a wave of intrusions in which Tomiris deployed a large arsenal of multi-language implants.

    The tools, written in Go, Rust, Python, and PowerShell (among others), were designed for flexibility and obfuscation, as well as to make attribution more difficult.

    Targeting Russian and Central Asian victims

    Tomiris is now hiding its command-and-control (C2) infrastructure in public services such as Telegram or Discord, it was said, which helps it hide malicious traffic inside normal, encrypted messaging flows.

    Several reverse shells, such as the Tomiris Python Discord ReverseShell or the Tomiris Python Telegram ReverseShell, rely completely on these platforms for both receiving commands and exfiltrating stolen data.

    Initial access is usually achieved via phishing, using rules written in Russian. Once the stage-one malware is deployed, the attackers would lurk, run system commands, and deploy stage-two malware. Kaspersky also said that frameworks such as Havoc and AdaptixC2 appear in later phases, and are used for persistence, lateral movement, and device takeover.

    More than half of Tomiris's phishing lures target Russian-speaking individuals or institutions, it was said. The rest are located in Central Asian nations such as Turkmenistan, Kyrgyzstan, Tajikistan, and Uzbekistan. Kaspersky also stresses that this is not opportunistic crime, but rather a campaign centered on state-level intelligence collection.

    "The evolution in tactics underscores the threat actor's focus on stealth, long-term persistence, and the strategic targeting of government and intergovernmental organizations," Kaspersky concludes. "The use of public services for C2 communications and multi-language implants highlights the need for advanced detection strategies, such as behavioral analysis and network traffic inspection, to effectively identify and mitigate such threats."

    Via The Hacker News

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/russian-speaking-hacking-group-now-shifting-focus-to-government-targets

    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
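
The story above says the group's C2 runs over Telegram and Discord and that detection needs behavioral analysis and network traffic inspection. The following is an added example, not part of the original post or of Kaspersky's report: it flags processes that reach those platforms but are not expected messaging clients. The log format, the allowlist, and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Public API/gateway domains of the two platforms (not listed in the article).
MESSAGING_DOMAINS = ("api.telegram.org", "discord.com", "discordapp.com", "discord.gg")
# Assumption: the only programs this site expects to reach those domains.
# Name matching is a simplification; match on signer or hash where available.
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "telegram.exe", "discord.exe"}

# Constructed records: time, host, process image, destination host, port.
SAMPLE_LOG = r"""
2025-12-02T09:00:01Z,WS-014,C:\Program Files\Google\Chrome\Application\chrome.exe,discord.com,443
2025-12-02T09:00:07Z,WS-022,C:\Users\a.user\AppData\Local\Temp\python.exe,api.telegram.org,443
2025-12-02T09:01:07Z,WS-022,C:\Users\a.user\AppData\Local\Temp\python.exe,api.telegram.org,443
2025-12-02T09:01:30Z,WS-022,C:\Users\a.user\AppData\Local\Temp\python.exe,pypi.org,443
2025-12-02T09:02:07Z,WS-022,C:\Users\a.user\AppData\Local\Temp\python.exe,api.telegram.org,443
2025-12-02T09:03:15Z,SRV-003,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,gateway.discord.gg,443
2025-12-02T09:04:00Z,WS-031,C:\Users\b.user\AppData\Local\Discord\Discord.exe,gateway.discord.gg,443
2025-12-02T09:05:00Z,WS-031,C:\Program Files\Mozilla Firefox\firefox.exe,notdiscord.com,443
"""


def is_messaging_host(host):
    """True for a listed domain or any subdomain of it (not look-alikes)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in MESSAGING_DOMAINS)


def find_unexpected_clients(log_text):
    """Group messaging-platform connections made by processes off the allowlist."""
    hits = defaultdict(list)
    for ts, host, image, dest, _port in csv.reader(io.StringIO(log_text.strip())):
        name = PureWindowsPath(image).name.lower()
        if is_messaging_host(dest) and name not in EXPECTED_CLIENTS:
            hits[(host, image)].append((ts, dest.lower()))
    findings = [
        {"host": h, "image": img, "connections": len(v),
         "first_seen": min(t for t, _ in v),
         "destinations": sorted({d for _, d in v})}
        for (h, img), v in hits.items()
    ]
    # Most active first, so repeated contact is triaged before one-off hits.
    return sorted(findings, key=lambda f: (-f["connections"], f["host"]))


if __name__ == "__main__":
    for finding in find_unexpected_clients(SAMPLE_LOG):
        print(finding)
```

On the constructed records this reports the interpreter in a Temp directory on WS-022 and PowerShell on SRV-003, and leaves the browser, the Discord client, and the look-alike domain alone.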