Operation Peek-a-Baku: APT Targets Dushanbe with Espionage Campaign
Essential information
- Published
- 03/11/2025 14:02
- Modified
- 03/11/2025 20:15
- Tags
- 2025-11-03 apt azerbaijan central asia china espionage github laplas ligolo-ng powershell reverse shell russia silent loader silentsweeper tajikistan
- Related entities
- 33 observables, 1 intrusion sets (apt), 7 techniques (mitre), 4 malware, 12 others
Description
The Silent Lynx APT group has been conducting espionage campaigns targeting diplomatic entities and critical infrastructure in Central Asia, Russia, and China. Two major campaigns were identified: one focused on Russia-Azerbaijan relations and another on China-Central Asia relations. The group used various malware tools including PowerShell scripts, .NET implants, and C++ reverse shells. They leveraged spear-phishing emails with malicious attachments and GitHub-hosted payloads. Key targets included government think-tanks, diplomats, and entities in mining, transport and communication industries. The campaigns coincided with important summits and meetings between the targeted countries. Attribution was based on similarities in tactics, tools, and victimology to previous Silent Lynx operations.