Tomiris, a threat actor targeting government and diplomatic entities in Russia and Central Asia, has adopted new tactics utilizing public services as command-and-control servers to evade detection. The campaign involves sophisticated malware, including implants and reverse shells, with an emphasis on stealth, persistence, and multi-language capabilities. #Tomiris #Kaspersky #SUNSHUTTLE #YoroTrooper #AdaptixC2
Key points
- Tomiris has shifted to using public messaging platforms like Telegram and Discord as command-and-control servers.
- The attacker targets high-value political and diplomatic infrastructure mainly in Russia and Central Asia.
- Malware includes custom implants, reverse shells, and open-source frameworks such as Havoc and AdaptixC2.
- Phishing emails often contain password-protected RAR files with malicious executables and scripts in different programming languages.
- The campaign emphasizes stealth, persistence, and the use of multiple programming languages to evade detection and maintain long-term access.
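The first key point, command-and-control over Telegram and Discord, is the one defenders can most readily hunt for: traffic to those platforms' public API hosts is normal from a chat client or browser, but not from a system service, a scripting host, or a freshly dropped executable. The script below is an added example written for this summary, not code from the Kaspersky report or the article. It parses constructed `key=value` network events (assumed log format), and flags connections to the platforms' API hosts from processes outside an assumed allowlist, with a second, lower-severity signal when an allowlisted process calls a bot-style endpoint (the Telegram Bot API path shape `/bot<token>/<method>` and the Discord channel-messages REST path). The process allowlist and sample events are assumptions to be tuned per environment.

```python
"""Detection sketch: outbound traffic to public messaging APIs from unexpected processes.

Added example for the Tomiris summary; log lines below are constructed, not from any real incident.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Public API hosts of the two platforms the summary names as abused for C2.
WATCHED_HOSTS = {
    "api.telegram.org": "Telegram Bot API",
    "discord.com": "Discord API",
    "discordapp.com": "Discord API (legacy host)",
}

# Assumption: processes for which traffic to these hosts is expected (interactive use).
EXPECTED_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe", "discord.exe", "telegram.exe"}

# Telegram Bot API URL shape is /bot<token>/<method>; bot tokens look like "<digits>:<string>".
TELEGRAM_BOT_PATH = re.compile(r"^/bot\d+:[A-Za-z0-9_-]+/(\w+)")
# Discord REST endpoint for reading or posting channel messages, the shape a bot-style C2 would use.
DISCORD_MSG_PATH = re.compile(r"^/api/v\d+/channels/\d+/messages")


@dataclass
class NetEvent:
    ts: str
    host: str
    process: str
    user: str
    path: str


def parse_event(line: str) -> NetEvent:
    """Parse one constructed 'key=value' event line (proxy or EDR style) into a NetEvent."""
    fields = dict(part.split("=", 1) for part in line.split() if "=" in part)
    return NetEvent(
        ts=fields.get("ts", ""),
        host=fields["host"].lower(),
        process=fields["proc"].lower(),
        user=fields.get("user", ""),
        path=fields.get("path", "/"),
    )


def bot_api_shape(ev: NetEvent) -> Optional[str]:
    """Describe the request if its path looks like bot-API usage rather than normal client traffic."""
    m = TELEGRAM_BOT_PATH.match(ev.path)
    if m:
        return f"Telegram bot method {m.group(1)}"
    if DISCORD_MSG_PATH.match(ev.path):
        return "Discord channel-messages endpoint"
    return None


def classify(ev: NetEvent) -> Optional[dict]:
    """Return a finding for one event, or None if the event is not suspicious."""
    platform = WATCHED_HOSTS.get(ev.host)
    if platform is None:
        return None  # not one of the watched platforms
    shape = bot_api_shape(ev)
    if ev.process not in EXPECTED_PROCESSES:
        severity = "high"
        reason = f"{ev.process} is not an expected client of {platform}"
        if shape:
            reason += f"; {shape}"
    elif shape:
        severity = "medium"
        reason = f"{ev.process} is an expected client but called {shape}"
    else:
        return None  # allowlisted process, ordinary endpoint
    return {"ts": ev.ts, "severity": severity, "host": ev.host,
            "process": ev.process, "user": ev.user, "reason": reason}


def scan(lines: Iterable[str]) -> list:
    """Run classify() over every non-empty line and collect the findings in input order."""
    return [f for f in (classify(parse_event(l)) for l in lines if l.strip()) if f]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    "ts=2025-12-01T10:00:01Z host=api.telegram.org proc=svchost.exe user=alice path=/bot123456:ABC/getUpdates",
    "ts=2025-12-01T10:00:05Z host=discord.com proc=discord.exe user=bob path=/api/v10/gateway",
    "ts=2025-12-01T10:00:09Z host=discord.com proc=powershell.exe user=carol path=/api/v10/channels/1/messages",
    "ts=2025-12-01T10:00:12Z host=example.com proc=chrome.exe user=dave path=/",
    "ts=2025-12-01T10:00:20Z host=api.telegram.org proc=chrome.exe user=erin path=/bot99:XYZ/sendDocument",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding['severity']}] {finding['ts']} {finding['user']} {finding['reason']}")
```

On the sample input the `svchost.exe` and `powershell.exe` events are reported as high severity and the browser call to `sendDocument` as medium; the chat client's gateway call and the unrelated host produce nothing. The medium tier exists because a browser can legitimately reach these hosts, so a process allowlist alone would hide a bot-API call made through a browser-like process name; pairing the process with the request shape is what separates the two.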
Read More: https://thehackernews.com/2025/12/tomiris-shifts-to-public-service.html