New Tomiris tools and techniques: multiple reverse shells, Havoc, AdaptixC2
Essential information
- Published: 28/11/2025 08:31
- Modified: 21/12/2025 18:14
- Tags: 2025-11-28, adaptixc2, apt, discord, distopia backdoor, government targets, havoc, jlorat, multi-language malware, reverse shells, telegram, tomiris c# reverseshell, tomiris c# telegram reverseshell, tomiris c++ reversesocks, tomiris c/c++ reverseshell, tomiris go reverseshell, tomiris go reversesocks, tomiris powershell telegram backdoor, tomiris python discord reverseshell, tomiris python filegrabber, tomiris python telegram reverseshell, tomiris rust downloader, tomiris rust reverseshell
- Related entities: 66 observables, 1 intrusion sets (apt), 17 techniques (mitre), 16 malware, 6 others
Description
Kaspersky researchers uncovered new malicious operations by the Tomiris threat actor targeting foreign ministries, intergovernmental organizations, and government entities. The attacks, which began in early 2025, show a shift in tactics with increased use of implants leveraging public services like Telegram and Discord as command-and-control servers. The group employs various programming languages including Go, Rust, C/C#/C++, and Python to develop reverse shell tools. Some infections lead to the deployment of open-source post-exploitation frameworks such as Havoc and AdaptixC2. The campaign primarily focuses on Russian-speaking users and entities, with additional targets in Central Asian countries.