Operation Peek-a-Baku: Silent Lynx APT Targets Dushanbe with Espionage Campaign
Essential information
- Published
- 05/11/2025 12:36
- Modified
- 05/11/2025 21:49
- Tags
- .net 2025-11-05 apt azerbaijan central asia china espionage laplas ligolo-ng powershell reverse shell russia silent loader silentsweeper
- Related entities
- 1 intrusion sets (apt), 10 techniques (mitre), 11 others
Description
The Silent Lynx APT group has been conducting espionage campaigns targeting Central Asian nations, Russia, China, and Azerbaijan. Two main campaigns were identified: one focusing on Russia-Azerbaijan relations and another on China-Central Asia relations. The group uses various malware including PowerShell scripts, .NET implants, and C++ reverse shells. They leverage spear-phishing with malicious attachments, GitHub-hosted payloads, and scheduled tasks for persistence. The campaigns aim to gather intelligence on diplomatic communications, transportation projects, and other strategic initiatives. Silent Lynx shows a pattern of targeting summit meetings and infrastructure deals in the region, with a particular focus on events in Dushanbe, Tajikistan.