An unknown cyber-espionage group has been conducting a politically motivated campaign aimed at high-ranking ministries, telecommunications providers, and government infrastructure in Tajikistan, according to security researchers at the threat-intelligence firm PRODAFT. The purpose of the attacks is not yet clear, but it may be an intelligence-gathering operation or the work of opposition forces.
The group behind the attacks, known as Nomadic Octopus or DustSquad, is responsible for creating the invasion kit called Paperbug. The hackers have been targeting individual computers and technological equipment, using specific malware to gain access to their victims’ systems.
Although the motive for the attacks is unclear, experts have speculated that they may be aimed at intelligence-gathering or disrupting the government’s operations. The group may also be linked to opposition forces seeking to undermine the government.
Nomadic Octopus/DustSquad has been targeting local governments, diplomatic missions, and political bloggers using Android and Windows malware. The attacks suggest that the group is engaged in cyber espionage activities.
The group has been using a Delphi-based application called Octopus, which presents itself as a different version of the Telegram messenger. The software provides attackers with access to computers using a C2 server and can be used to spy on users and steal sensitive data.
PRODAFT claims that the group successfully breached a telecom company’s network in Tajikistan, targeting executive networks, government networks, and OT devices with known security flaws. However, it is not clear when or how the network was breached.
The group has also used a variant of the Octopus malware in its attacks, which allows the operators to remotely control an infected machine, exfiltrate data to a remote server, and capture screenshots.
The analysis of the C2 server shows that the group was successful in compromising 499 systems, including government network devices, gas station systems, and cash registers. The hackers used malicious tools that impersonated popular web browsers to avoid detection.
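The report describes two masquerading tactics: the Octopus implant posing as a Telegram client, and supporting tools impersonating popular web browsers. A common defensive check for this pattern is to compare a process's image path (and signature status) against where that program is normally installed. The following Python script is an added example written for this article, not code from PRODAFT or from the report; the process inventory entries are constructed sample data, the expected install locations are typical defaults assumed for illustration, and none of the values are indicators from the report.

```python
import ntpath

# Constructed sample process inventory (hypothetical entries, not IoCs from the report).
# In practice these records would come from an EDR or a scheduled process/signature inventory.
SAMPLE_PROCESSES = [
    {"name": "chrome.exe", "path": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "signed": True},
    {"name": "firefox.exe", "path": r"C:\Users\alice\AppData\Local\Temp\firefox.exe", "signed": False},
    {"name": "Telegram.exe", "path": r"C:\Users\alice\AppData\Roaming\Telegram Desktop\Telegram.exe", "signed": True},
    {"name": "telegram.exe", "path": r"C:\Users\alice\Downloads\telegram.exe", "signed": False},
    {"name": "msedge.exe", "path": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe", "signed": True},
    {"name": "notepad.exe", "path": r"C:\Windows\System32\notepad.exe", "signed": True},
]

# Assumed typical install directories (lower-cased substrings of the directory part of the path)
# for the program names the article says were impersonated. Adjust to your estate's baseline.
EXPECTED_LOCATIONS = {
    "chrome.exe": [r"c:\program files\google\chrome\application"],
    "firefox.exe": [r"c:\program files\mozilla firefox"],
    "msedge.exe": [r"c:\program files (x86)\microsoft\edge\application"],
    "telegram.exe": [r"\appdata\roaming\telegram desktop"],  # per-user install, so matched as a substring
}


def masquerade_reasons(proc):
    """Return a list of reasons a process looks like a masquerade, or [] if it looks normal.

    Only names in EXPECTED_LOCATIONS are evaluated; everything else returns [].
    """
    name = proc["name"].lower()
    expected = EXPECTED_LOCATIONS.get(name)
    if expected is None:
        return []

    reasons = []
    directory = ntpath.dirname(proc["path"]).lower()
    # A well-known program name running from a directory other than its install location
    # (Temp, Downloads, etc.) is the classic masquerading signal.
    if not any(loc in directory for loc in expected):
        reasons.append("unexpected_location")
    # Legitimate browsers and Telegram Desktop ship Authenticode-signed binaries,
    # so an unsigned image under one of those names deserves a look.
    if not proc.get("signed", False):
        reasons.append("unsigned")
    return reasons


def find_masquerading(processes):
    """Scan an inventory and return findings for processes that trip at least one check."""
    findings = []
    for proc in processes:
        reasons = masquerade_reasons(proc)
        if reasons:
            findings.append({"name": proc["name"], "path": proc["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_masquerading(SAMPLE_PROCESSES):
        print(f"{finding['name']:<14} {finding['path']}  ->  {', '.join(finding['reasons'])}")
```

On the constructed inventory the script flags the `firefox.exe` copy in `Temp` and the `telegram.exe` copy in `Downloads`, while the properly installed Chrome, Edge, and Telegram Desktop binaries pass. The location baseline is deliberately kept as data so it can be replaced with the paths from a golden image; in a real deployment the `signed` field should come from an actual Authenticode verification rather than a recorded flag.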