A group of hackers going by the name Tomitis was considered a serious threat when it was found out they are secretly collecting the intelligence in Central Asia. The report was made by Kaspersky Labs.
Tomiris aims to regularly steal confidential documents from government and diplomatic institutions in CIS countries for malicious purposes, according to security researchers Delcher and Kwiatkowski.
Kaspersky Lab first discovered the group in September 2021 and suggested a possible link to Russian state-sponsored hacking group Nobelium, but further investigation is needed to confirm this. The targeting of sensitive information by Tomiris could have severe geopolitical ramifications, underscoring the need for robust cybersecurity measures and international collaboration to combat cyber threats.
Cyberespionage Group and Their Malicious Software
Tomiris is a hacking group that employs various techniques to carry out their phishing attacks. One of their preferred tools is the Polyglot toolkit, which allows them to create “one-time” implants in different programming languages. These implants are then used repeatedly against the same targets.
Aside from using freeware or commercial tools like RATel and Warzone RAT, Tomiris also uses custom malware, including Telemiris, Roopy, and JLORAT. Telemiris is a Python-based backdoor that uses Telegram as a command and control (C2) channel.
Roopy, on the other hand, is a Pascal-based file stealer that periodically scans for files of interest and sends them to a remote server. JLORAT, written in Rust, is a versatile file stealer that can collect system information, execute commands issued by a C2 server, download files, and take screenshots.
According to investigations conducted by security experts, there are similarities between Tomiris and the Turla group, which is also known as UNC4210. However, despite these similarities, the two groups are said to have different goals and methods. Nevertheless, there is a high likelihood that they are collaborating on separate operations, or they may be using a common software provider.
Overall, Tomiris is a flexible and determined hacking group that is always experimenting with new techniques. They are believed to be collaborating with Turla, but their exact relationship remains unclear.