Stealthy Cyber Gang ‘Silent Lynx’ Unleashes Sophisticated Multi-Stage Attacks Across Central Asia

Silent Lynx: New Cyber Threat Targeting Central Asian Organizations

A newly identified threat actor, Silent Lynx, has been discovered conducting targeted cyber attacks against organizations in Kyrgyzstan and Turkmenistan. The group, believed to be of Kazakhstani origin, primarily focuses on entities involved in economic decision-making and in the banking sector across Eastern Europe and Central Asia.

Key Targets:
– Government embassies
– Legal professionals
– State-backed banks
– Economic think tanks

Attack Methodology:
The group employs two distinct attack campaigns:

Campaign 1:
– Initiates with spear-phishing emails containing RAR archives
– Deploys ISO files containing malicious C++ binaries
– Utilizes Telegram bots for command execution and data theft
– Downloads additional payloads from remote servers

Campaign 2:
– Distributes malicious RAR archives
– Contains decoy PDFs and Golang executables
– Establishes reverse shell connections to attacker servers

Technical researchers have noted similarities between Silent Lynx and YoroTrooper (SturgeonPhisher), particularly in their targeting of Commonwealth of Independent States (CIS) countries and use of PowerShell and Golang tools.

The group’s sophisticated multi-stage attack strategy and use of Telegram bots for command and control operations indicate a focus on espionage activities in Central Asian and SPECA nations.
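For defenders, the Telegram-based command channel described above can be hunted for in web or endpoint telemetry. The following is an added example, not code from the researchers or the original article: it flags Telegram Bot API requests made by processes outside an allowlist. The log format, host names, paths, allowlist and bot IDs are constructed assumptions, and seeing the full URL presumes TLS inspection or endpoint telemetry.

```python
import re
from urllib.parse import urlsplit

# Assumption: full image paths allowed to reach Telegram in this environment.
ALLOWED = {r"c:\program files\google\chrome\application\chrome.exe"}
# Bot API request paths have the form /bot<numeric id>:<secret>/<method>.
BOT_PATH = re.compile(r"^/bot(\d+):[A-Za-z0-9_-]+/(\w+)$")
POLLING = {"getUpdates"}                                  # bot fetches pending messages
OUTBOUND = {"sendMessage", "sendDocument", "sendPhoto"}   # bot pushes text or files

# Constructed sample records: host|process image|URL (not from the campaign).
SAMPLE_LOG = r"""
WS-014|C:\Program Files\Google\Chrome\Application\chrome.exe|https://api.telegram.org/bot1111111111:CONSTRUCTED_A/getMe
WS-022|E:\sample.exe|https://api.telegram.org/bot2222222222:CONSTRUCTED_B/getUpdates
WS-022|E:\sample.exe|https://api.telegram.org/bot2222222222:CONSTRUCTED_B/sendDocument
WS-031|C:\Users\Public\chrome.exe|https://api.telegram.org/bot3333333333:CONSTRUCTED_C/sendMessage
WS-014|C:\Windows\System32\svchost.exe|https://example.org/update
"""

def find_bot_api_use(log_text, allowed=ALLOWED):
    """Group Bot API calls made by processes outside the allowlist."""
    findings = {}
    for line in log_text.strip().splitlines():
        host, image, url = line.split("|", 2)
        parts = urlsplit(url)
        # Compare the full path, so a copy named chrome.exe elsewhere is still flagged.
        if parts.hostname != "api.telegram.org" or image.lower() in allowed:
            continue
        entry = findings.setdefault((host, image), {"bot_ids": set(), "methods": set()})
        match = BOT_PATH.match(parts.path)
        if match:
            entry["bot_ids"].add(match.group(1))   # keep the id, never the secret
            entry["methods"].add(match.group(2))
    return findings

def classify(methods):
    """Map observed methods to the roles named in the report."""
    roles = []
    if methods & POLLING:
        roles.append("command polling")
    if methods & OUTBOUND:
        roles.append("outbound data")
    return roles or ["unclassified"]

if __name__ == "__main__":
    for (host, image), hit in sorted(find_bot_api_use(SAMPLE_LOG).items()):
        print(host, image, sorted(hit["bot_ids"]), classify(hit["methods"]))
```

A process that both polls and sends through the same bot ID, as the constructed `E:\sample.exe` does, is the pattern to triage first.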
