Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering
The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal.
Tomiris first came to light in September 2021 when Kaspersky highlighted its potential connections to Nobelium, the Russian nation-state group behind the SolarWinds supply chain attack.
"More precisely, on September 13, 2022, around 05:40 UTC, an operator attempted to deploy several known Tomiris implants via Telemiris: first a Python Meterpreter loader, then JLORAT and Roopy," the researchers explained.
That said, despite the potential ties between the two groups, Tomiris is said to be separate from Turla owing to differences in their targeting and tradecraft, once again raising the possibility of a false flag operation.
On the other hand, it's also highly probable that Turla and Tomiris collaborate on select operations or that both the actors rely on a common software provider, as exemplified by Russian military intelligence agencies' use of tools supplied by a Moscow-based IT contractor named NTC Vulkan.
"Overall, Tomiris is a very agile and determined actor, open to experimentation," the researchers said, adding, "There exists a form of deliberate cooperation between Tomiris and Turla."
News URL
https://thehackernews.com/2023/04/russian-hackers-tomiris-targeting.html
Related news
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
- Russian hackers deliver malicious RDP configuration files to thousands
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
- Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia
- Faraway Russian hackers breached US organization via Wi-Fi
- Firefox and Windows zero-days exploited by Russian RomCom hackers
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
- Russian hackers hijack Pakistani hackers' servers for their own attacks