A new intelligence report reveals that the “Tomiris” cyber-espionage group (linked to Russian-speaking actors) has significantly upgraded its tactics targeting government and diplomatic entities in Central Asia. The group is now routing command-and-control (C2) traffic through legitimate services like Telegram and Discord to blend in with normal network noise.
Business Impact
This “living-off-the-land” network strategy makes detection extremely difficult for traditional firewalls, which typically allow traffic to these popular collaboration apps. Successful espionage campaigns can lead to the theft of highly sensitive diplomatic cables, negotiation strategies, and personnel data.
Why It Happened
APT groups are adapting to improved perimeter defenses. By using trusted, high-reputation domains (like Discord) for malware communication, they bypass blocklists and anomaly detection systems that would normally flag connections to unknown servers.
Recommended Executive Action
Direct your SOC to review network logs for anomalous traffic patterns to legitimate collaboration tools, especially from critical server subnets. Consider restricting access to Discord/Telegram on sensitive government or executive networks unless strictly necessary.
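One way a SOC could start the log review recommended above, as an added example that is not part of the original report: parse outbound proxy log lines, keep only sources inside the critical server subnets, and count how often each one talks to Telegram or Discord hosts so repeating (beacon-like) talkers rise to the top. The log format, the 10.20.0.0/16 server range, the watched domain list and the sample lines are all constructed assumptions for the illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample proxy log lines: "<timestamp> <src_ip> <dest_host> <bytes_out>"
SAMPLE_LOGS = """\
2024-05-01T09:00:01 10.20.5.12 api.telegram.org 812
2024-05-01T09:05:02 10.20.5.12 api.telegram.org 804
2024-05-01T09:10:01 10.20.5.12 api.telegram.org 819
2024-05-01T09:15:03 10.20.5.12 api.telegram.org 808
2024-05-01T09:02:44 192.168.40.7 discord.com 2310
2024-05-01T09:03:10 10.20.5.30 updates.example.internal 1200
2024-05-01T09:20:00 10.20.9.4 cdn.discordapp.com 99120
""".splitlines()

# Assumed: address space of the critical server subnets (constructed example).
SERVER_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]

# Assumed: collaboration-service domains to watch; extend with your own list.
WATCHED_SUFFIXES = ("telegram.org", "t.me", "discord.com", "discordapp.com")


def in_server_subnet(ip):
    """True when the source address belongs to one of the server subnets."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SERVER_SUBNETS)


def is_watched_host(host):
    """True for the watched domains and any of their subdomains."""
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def find_suspicious(lines):
    """Return {src_ip: {host: count}} for server-subnet sources reaching watched hosts.
    Workstation traffic (outside SERVER_SUBNETS) is ignored, since users of these apps
    are expected there; servers normally have no business with them at all."""
    hits = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines rather than crash the review
        _, src, host = parts[:3]
        if in_server_subnet(src) and is_watched_host(host):
            hits[src][host] += 1
    return {src: dict(c) for src, c in hits.items()}


def repeat_talkers(hits, min_hits=3):
    """Prioritise sources that contact the same host repeatedly (possible beaconing)."""
    return sorted((src, host, n) for src, hosts in hits.items()
                  for host, n in hosts.items() if n >= min_hits)
```

Feed real proxy or DNS logs through `find_suspicious` and review the `repeat_talkers` output first; a single large transfer (like the cdn.discordapp.com line) still deserves a look, but regular small requests from a server are the stronger C2 signal.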
Hashtags: #Tomiris #APT #Espionage #Russia #C2 #Discord #Telegram #CyberSecurity #InfoSec
