Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering
The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal.
Tomiris first came to light in September 2021 when Kaspersky highlighted its potential connections to Nobelium, the Russian nation-state group behind the SolarWinds supply chain attack.
"More precisely, on September 13, 2022, around 05:40 UTC, an operator attempted to deploy several known Tomiris implants via Telemiris: first a Python Meterpreter loader, then JLORAT and Roopy," the researchers explained.
That said, despite the potential ties between the two groups, Tomiris is said to be separate from Turla owing to differences in their targeting and tradecraft, once again raising the possibility of a false flag operation.
On the other hand, it's also highly probable that Turla and Tomiris collaborate on select operations or that both actors rely on a common software provider, as exemplified by Russian military intelligence agencies' use of tools supplied by a Moscow-based IT contractor named NTC Vulkan.
"Overall, Tomiris is a very agile and determined actor, open to experimentation," the researchers said, adding, "There exists a form of deliberate cooperation between Tomiris and Turla."
News URL
https://thehackernews.com/2023/04/russian-hackers-tomiris-targeting.html