Russian Tomiris APT Adopts “Polyglot” Strategy, Hijacking Telegram/Discord as Covert C2 for Diplomatic Spies

A threat actor named Tomiris has evolved its tactics for targeting high-level diplomatic and political organizations by using public chat platforms as C2 servers and deploying diverse, polyglot malware. This strategic shift enhances their ability to evade detection and maintain long-term access to sensitive networks. #Tomiris #Discord #Telegram #diplomaticcyberattackers

Key points

  • Tomiris is a notorious threat actor targeting government and diplomatic entities.
  • The group now leverages platforms like Telegram and Discord for command-and-control operations.
  • They deploy a variety of implants written in multiple programming languages, including Go, Rust, and Python.
  • Initial infection occurs through phishing emails with password-protected archives containing malware.
  • The campaign’s focus is highly strategic, targeting foreign ministries and intergovernmental organizations.
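Chat-platform C2 of the kind described above blends into traffic that most organisations already allow, so one practical hunt is to separate ordinary use of Telegram/Discord from API-style use by generic HTTP libraries. The following is an added detection example, not code from the report or from the group's tooling; the proxy log format, process names and endpoint tokens are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample proxy log lines (not from the report): time, process, "user-agent", URL.
SAMPLE_PROXY_LOG = """\
2024-05-02T09:14:03Z chrome.exe "Mozilla/5.0 (Windows NT 10.0) Chrome/124.0" https://discord.com/channels/@me
2024-05-02T09:15:10Z svchost.exe "Go-http-client/1.1" https://api.telegram.org/botPLACEHOLDER_TOKEN/getUpdates
2024-05-02T09:15:12Z python.exe "python-requests/2.31.0" https://discord.com/api/webhooks/000000/PLACEHOLDER
2024-05-02T09:16:00Z chrome.exe "Mozilla/5.0 (Windows NT 10.0) Chrome/124.0" https://web.telegram.org/a/
2024-05-02T09:17:45Z updater.exe "Mozilla/5.0 (Windows NT 10.0)" https://example.org/update.json
"""

LOG_LINE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\S+)$')

# API/automation endpoints: the Telegram Bot API and Discord webhooks are used by
# scripts and bots, not by a person chatting in a browser or the desktop client.
C2_ENDPOINTS = [
    ("telegram-bot-api", re.compile(r"^https://api\.telegram\.org/bot[^/]+/", re.I)),
    ("discord-webhook", re.compile(r"^https://discord(app)?\.com/api/webhooks/", re.I)),
]

# Default user agents of generic HTTP libraries, covering the Go/Python implant
# languages the report names; an implant can of course spoof these (see note).
LIBRARY_UA = re.compile(r"(Go-http-client|python-requests|python-urllib|curl/|Wget/)", re.I)

@dataclass
class Finding:
    process: str
    endpoint: str
    user_agent: str
    url: str

def hunt_chat_c2(log_text: str) -> list[Finding]:
    """Return records where a chat-platform API endpoint is reached by a
    generic HTTP library rather than a browser or official client."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        _ts, process, ua, url = m.groups()
        for name, pattern in C2_ENDPOINTS:
            if pattern.match(url) and LIBRARY_UA.search(ua):
                findings.append(Finding(process, name, ua, url))
    return findings

if __name__ == "__main__":
    for f in hunt_chat_c2(SAMPLE_PROXY_LOG):
        print(f"{f.process}: {f.endpoint} via {f.user_agent} -> {f.url}")
```

The user agent is attacker-controlled, so treat this as a triage filter and pair it with process-level telemetry (which binary opened the connection, whether it was dropped from a password-protected archive) rather than as a standalone detection.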

Read More: https://securityonline.info/russian-tomiris-apt-adopts-polyglot-strategy-hijacking-telegram-discord-as-covert-c2-for-diplomatic-spies/