Operation PeekaBaku: APT Targets Dushanbe with Espionage Campaign

The Silent Lynx APT group has been conducting espionage campaigns targeting diplomatic entities and critical infrastructure in Central Asia, Russia, and China. Two major campaigns were identified: one focused on Russia-Azerbaijan relations and another on China-Central Asia relations. The group used various malware tools including PowerShell scripts, .NET implants, and C++ reverse shells. They leveraged spear-phishing emails with malicious attachments and GitHub-hosted payloads. Key targets included government think-tanks, diplomats, and entities in mining, transport and communication industries. The campaigns coincided with important summits and meetings between the targeted countries. Attribution was based on similarities in tactics, tools, and victimology to previous Silent Lynx operations.

Author: AlienVault

Related Tags: central asia, Ligolo-ng, SilentSweeper, LAPLAS, SILENT LOADER, reverse shell, mining, T1566.001, T1053.005

Associated Indicators: