Unveiling Silent Lynx APT Targeting Entities Across Kyrgyzstan & Neighboring Nations
Essential information
- Published: 21/01/2025 11:52
- Modified: 21/01/2025 17:15
- Tags: 2025-01-21 apt central asia espionage golang government gservice.exe kyrgyzstan powershell resocks telegram xerox_scan17510875802718752175.exe yorotrooper
- Related entities: 12 observables, 1 intrusion sets (apt), 16 techniques (mitre), 1 malware, 4 others
Description
A new threat group dubbed Silent Lynx has been uncovered targeting entities in Kyrgyzstan and neighboring nations. The group, believed to be Kazakhstan-based, employs sophisticated multi-stage attack strategies using ISO files, C++ loaders, PowerShell scripts, and Golang implants. Their campaigns focus on government entities, banks, and diplomatic operations, leveraging UN-themed lures and employee bonus schemes. Silent Lynx utilizes Telegram bots for command and control and data exfiltration. The group shows similarities with YoroTrooper, suggesting possible resource sharing. Their primary motivation appears to be espionage, targeting government entities in Central Asia and SPECA nations. The attackers use various techniques including malicious email attachments, decoy documents, and persistence mechanisms to maintain access to compromised systems.