Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks

The Hacker News by The Hacker News
February 5, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Feb 05, 2025Ravie LakshmananThreat Intelligence / Malware

A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.

“This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector,” Seqrite Labs researcher Subhajeet Singha said in a technical report published late last month.

Targets of the hacking group’s attacks include embassies, lawyers, government-backed banks, and think tanks. The activity has been attributed to a Kazakhstan-origin threat actor with a medium level of confidence.

Cybersecurity

The infections commence with a spear-phishing email containing a RAR archive attachment that ultimately acts as a delivery vehicle for malicious payloads responsible for granting remote access to the compromised hosts.

The first of the two campaigns, detected by the cybersecurity company on December 27, 2024, leverages the RAR archive to launch an ISO file that, in turn, includes a malicious C++ binary and a decoy PDF file. The executable subsequently proceeds to run a PowerShell script that uses Telegram bots (named “@south_korea145_bot” and “@south_afr_angl_bot”) for command execution and data exfiltration.

Some of the commands executed via the bots include curl commands to download and save additional payloads from a remote server (“pweobmxdlboi[.]com”) or Google Drive.

The other campaign, in contrast, employs a malicious RAR archive containing two files: A decoy PDF and a Golang executable, the latter of which is designed to establish a reverse shell to an attacker-controlled server (“185.122.171[.]22:8082”).

Cybersecurity

Seqrite Labs said it observed some level of tactical overlaps between the threat actor and YoroTrooper (aka SturgeonPhisher), which has been linked to attacks targeting the Commonwealth of Independent States (CIS) countries using PowerShell and Golang tools.

“Silent Lynx’s campaigns demonstrate a sophisticated multi-stage attack strategy using ISO files, C++ loaders, PowerShell scripts, and Golang implants,” Singha said.

“Their reliance on Telegram bots for command and control, combined with decoy documents and regional targeting which also highlights their focus on espionage in Central Asia and SPECA based nations.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Enterprises lean on container solutions to deploy generative AI

Enterprises lean on container solutions to deploy generative AI

Recommended.

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

May 15, 2025
Vmake AI Talking Video Editor: The All-in-One Solution for Talking Videos, Empowering Diverse Creators

Vmake AI Talking Video Editor: The All-in-One Solution for Talking Videos, Empowering Diverse Creators

August 7, 2025

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Anaconda Extends AI-Native Application Development With Acquisition

Anaconda Extends AI-Native Application Development With Acquisition

May 1, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio