ShadowSilk is a threat cluster targeting government and industry organizations in Central Asia and APAC through spear-phishing and custom malware. The operators cooperate across regions and use custom loaders, web shells, RATs, and VPN-like C2 channels to exfiltrate data and maintain persistence. #ShadowSilk #YoroTrooper #SilentLynx #CVE2018 #TelegramBot
Key points
- ShadowSilk targets government entities and industries across Central Asia and APAC using spear-phishing campaigns.
- The threat activity overlaps with the YoroTrooper, Silent Lynx, and SturgeonPhisher groups, with bilingual, multi-regional operators.
- The group employs custom malware, exploits, web shells, and tunneling utilities for lateral movement and data exfiltration.
- They leverage Telegram bots and web infrastructure to disguise C2 traffic and evade detection.
- Recent activity shows the group remains highly active, focusing on long-term compromises and data theft in government sectors.
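The Telegram-bot C2 point above is the one a defender can act on most directly: the Telegram Bot API has a fixed URL shape, https://api.telegram.org/bot<token>/<method>, and ordinary Telegram desktop or web clients never call that path (they speak MTProto), so any internal host requesting it stands out in web-proxy logs. The script below is an added example, not code from the article or from any group it names; the log line layout and every address, timestamp and bot token in it are constructed for the illustration and are not indicators from the article. It groups Bot API requests per source host, redacts the bot token, and grades a host higher when it both pushes data out (sendDocument, sendMessage) and polls for tasking (getUpdates), since that pair is what a C2 loop over a bot looks like.

```python
"""Flag Telegram Bot API traffic in web-proxy logs (added defensive example)."""
import re
from collections import defaultdict

# Constructed sample lines in a simple
#   <time> <src_ip> <verb> <url> <status> "<user-agent>"
# layout. Hosts, timestamps and the bot token are made up for this example.
SAMPLE_LOGS = """\
2025-08-28T09:15:02Z 10.20.30.41 POST https://api.telegram.org/bot123456789:AAEXAMPLE-token_only/sendDocument 200 "python-requests/2.31.0"
2025-08-28T09:15:09Z 10.20.30.41 GET https://api.telegram.org/bot123456789:AAEXAMPLE-token_only/getUpdates?timeout=30 200 "python-requests/2.31.0"
2025-08-28T09:16:44Z 10.20.30.77 GET https://web.telegram.org/a/ 200 "Mozilla/5.0 (Windows NT 10.0) Chrome/127.0"
2025-08-28T09:17:01Z 10.20.30.88 GET https://www.example.gov/news 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/129.0"
2025-08-28T09:18:30Z 10.20.30.41 POST https://api.telegram.org/bot123456789:AAEXAMPLE-token_only/sendMessage 200 "python-requests/2.31.0"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<verb>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)
# Documented Bot API shape: https://api.telegram.org/bot<id>:<secret>/<method>
BOT_API_RE = re.compile(
    r'^https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)'
)

# Methods that move data out of the network, and the one that pulls tasking in.
EXFIL_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio", "sendMessage"}
TASKING_METHODS = {"getUpdates"}


def redact_token(token: str) -> str:
    """Keep only the numeric bot id so the secret half never lands in a ticket."""
    bot_id = token.split(":", 1)[0]
    return f"{bot_id}:<redacted>"


def parse_line(line: str):
    """Split one proxy log line into its fields, or return None if it does not fit."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_bot_api_activity(log_text: str):
    """Return one finding per (source host, bot id) with method counts and a severity."""
    per_host = defaultdict(
        lambda: {"methods": defaultdict(int), "user_agents": set(), "first_seen": None}
    )
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec:
            continue
        hit = BOT_API_RE.match(rec["url"])
        if not hit:
            continue  # web.telegram.org and unrelated sites are not Bot API traffic
        key = (rec["src"], redact_token(hit.group("token")))
        entry = per_host[key]
        entry["methods"][hit.group("method")] += 1
        entry["user_agents"].add(rec["ua"])
        entry["first_seen"] = entry["first_seen"] or rec["ts"]

    findings = []
    for (src, bot), entry in per_host.items():
        methods = set(entry["methods"])
        if methods & EXFIL_METHODS and methods & TASKING_METHODS:
            severity = "high"    # uploads plus command polling: a full C2 loop
        elif methods & EXFIL_METHODS:
            severity = "medium"  # one-way upload, still worth triage
        else:
            severity = "low"
        findings.append({
            "src": src,
            "bot": bot,
            "first_seen": entry["first_seen"],
            "methods": dict(entry["methods"]),
            "user_agents": sorted(entry["user_agents"]),
            "severity": severity,
        })
    return sorted(findings, key=lambda f: f["src"])


if __name__ == "__main__":
    for finding in find_bot_api_activity(SAMPLE_LOGS):
        print(finding)
```

Only the host 10.20.30.41 is reported; the browser session to web.telegram.org is deliberately left alone, because blocking or alerting on all of Telegram would drown the signal in legitimate messenger use. Note that this only works where the proxy records full URLs (TLS inspection or an explicit proxy); with CONNECT-only logs you see just the SNI api.telegram.org, which is still a reasonable hunting pivot for servers and other hosts that have no business using a bot.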
Read More: https://thehackernews.com/2025/08/shadowsilk-hits-36-government-targets.html