9 matches found
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. "These attacks highlight a notable shift in Tomiris's tactics, name...
Tomiris wreaks Havoc: New tools and techniques of the APT group
While tracking the activities of the Tomiris threat actor, we identified new malicious operations that began in early 2025. These attacks targeted foreign ministries, intergovernmental organizations, and government entities, demonstrating a focus on high-value political and diplomatic...
APT trends report Q1 2023
For more than five years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have publishe...
New Tomiris APT Group Targets Governments
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Tomiris is a Russian-speaking advanced persistent threat APT group that has been active since at least 2021 and is known for its use of sophisticated tactics and tools, including zero-day exploits and...
Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering
The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher an...
Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering
The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher an...
Tomiris called, they want their Turla malware back
Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States CIS. Our initial report described links between a Tomiris Golang implant and SUNSHUTTLE which has been...
New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack
Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat APT behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools...
‘Tomiris’ Backdoor Linked to SolarWinds Malware
Researchers have discovered a campaign delivering a previously unknown backdoor they’re calling Tomiris. Analysis of the new malware suggests that we may not have heard the last from the Nobelium advanced persistent threat APT behind the sprawling SolarWinds supply-chain attacks of 2020. Namely,...