Security Advisories
Silent Lynx: An Emerging APT Group
Silent Lynx, an Advanced Persistent Threat (APT) group first identified in early 2025, has been observed conducting highly targeted cyber operations against government entities, financial institutions, and think tanks in Kyrgyzstan and Turkmenistan. Its reach extends beyond those borders to organizations across Eastern Europe and other Central Asian nations, with a particular emphasis on entities engaged in economic policymaking and the banking sector. The group runs a multi-stage attack chain: ISO-based infection, loaders written in C++, obfuscated PowerShell scripts, and resilient Golang implants, each component designed to evade conventional security controls while maintaining persistent access to compromised systems. Two traits stand out. The first is the use of Telegram bots for command-and-control (C2), which lets implant traffic ride on ordinary HTTPS connections to a legitimate, widely used service. The second is the use of decoy documents tailored to regional interests. Together they point to espionage objectives within Central Asia and the nations covered by the UN Special Programme for the Economies of Central Asia (SPECA). The layering of these stages makes detection and mitigation challenging for targeted organizations. Given the evolving nature of Silent Lynx's tactics, CyberStash anticipates that its operations will expand to additional regions in the near future.
by Loris Minassian |
February 12, 2025
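The Telegram bot C2 described in the summary above has a recognizable footprint: every Bot API request goes to api.telegram.org with a path of the form /bot<bot_id>:<secret>/<method>. The following is an added hunting example, not CyberStash or Silent Lynx code. The proxy log format and the bot token in it are constructed for illustration; the only real-world fact it relies on is that Bot API URL shape. It keys on the host plus the /bot path rather than the domain alone, so ordinary Telegram web or desktop client traffic does not produce hits.

```python
"""Hunt for Telegram Bot API command-and-control traffic in web proxy logs.

Added example; not code from the original page or from the threat actor.
Log lines, host names, process names and the bot token are constructed.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# Bot API path: "/bot" + numeric bot id + ":" + secret + "/" + method name.
BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)$"
)

# Constructed proxy log: timestamp, source host, process name, requested URL.
SAMPLE_LOG = """\
2025-02-10T09:14:02Z ws-17 chrome.exe https://web.telegram.org/a/
2025-02-10T09:14:05Z ws-17 updater.exe https://api.telegram.org/bot7123456789:AAFakeTokenForIllustration0123456789/getUpdates?offset=1
2025-02-10T09:14:09Z ws-17 updater.exe https://api.telegram.org/bot7123456789:AAFakeTokenForIllustration0123456789/sendDocument
2025-02-10T09:15:00Z ws-03 outlook.exe https://outlook.office365.com/owa/
2025-02-10T09:15:30Z ws-03 curl.exe https://api.telegram.org/
"""


def parse_line(line: str) -> Optional[dict]:
    """Split one constructed log line into its four fields; None if malformed."""
    parts = line.split(maxsplit=3)
    if len(parts) != 4:
        return None
    ts, host, process, url = parts
    return {"ts": ts, "host": host, "process": process, "url": url}


def bot_api_call(url: str) -> Optional[dict]:
    """Return bot_id and method when the URL is a Telegram Bot API call, else None.

    Matching api.telegram.org together with the /bot<token>/ path keeps
    legitimate Telegram client traffic (web.telegram.org etc.) out of the hits.
    """
    u = urlsplit(url)
    if u.hostname != "api.telegram.org":
        return None
    m = BOT_PATH.match(u.path)
    if not m:
        return None
    return {"bot_id": m["bot_id"], "method": m["method"]}


def hunt(log_text: str) -> list:
    """Group Bot API calls per (host, process, bot_id) and collect the methods seen.

    The bot id is a useful pivot: it stays constant across a campaign even when
    the secret part of the token is rotated, and it can be blocked at the proxy.
    """
    groups = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        hit = bot_api_call(rec["url"])
        if hit is None:
            continue
        key = (rec["host"], rec["process"], hit["bot_id"])
        g = groups.setdefault(key, {
            "host": rec["host"], "process": rec["process"], "bot_id": hit["bot_id"],
            "methods": set(), "first_seen": rec["ts"], "count": 0,
        })
        g["methods"].add(hit["method"])
        g["count"] += 1
    return sorted(groups.values(), key=lambda g: (g["host"], g["process"]))


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

The path-level match needs URL visibility: a proxy that only logs the TLS SNI or destination host can alert on api.telegram.org by host (worth doing if the organisation has no business use for Telegram bots) but cannot see the /bot<token>/ path. For that level of detail use decrypted proxy logs or endpoint network telemetry that records the full URL. The getUpdates plus sendDocument pairing from a single non-browser process is the pattern to look for: polling for tasking and uploading files.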
NonEuclid RAT
First identified in late 2024, NonEuclid is an advanced Remote Access Trojan (RAT) built specifically for Windows systems. Actively promoted on underground channels such as Discord and YouTube, it is distributed through spear-phishing campaigns and the exploitation of software vulnerabilities, making it a versatile and effective tool for cybercriminals. What sets NonEuclid apart is its ability to evade controls that many environments depend on: it bypasses the Anti-Malware Scan Interface (AMSI), which blinds script-content scanning, and User Account Control (UAC), which lets it gain elevated privileges without a consent prompt. With those controls out of the way it can carry out data exfiltration, keylogging, and the staging of ransomware attacks, posing a significant threat to individuals and organisations alike and underscoring the need for proactive, layered defences. The risk is most acute for organisations relying solely on Microsoft Defender for endpoint security. Defender provides baseline protection, but NonEuclid's AMSI and UAC bypasses undermine key parts of that protection, leaving endpoints exposed to data exfiltration, keylogging, and ransomware, with potentially significant financial and reputational damage. To mitigate these risks, organisations must adopt a multi-layered security approach that combines robust endpoint detection…
by Loris Minassian |
January 20, 2025
Corrupted ZIPs and Office Docs Bypass Security
A phishing campaign that uses deliberately corrupted ZIP archives and Microsoft Office files is bypassing traditional security defenses, including antivirus engines, sandboxes, and email spam filters. Active since August 2024, the attack abuses the built-in file recovery mechanisms of widely used applications such as Microsoft Word, Outlook, and WinRAR: the files are damaged just enough that security tools cannot parse them, while the target application repairs and opens them as normal. When users open what looks like legitimate business correspondence, the malicious payload is triggered and executes. What makes this threat particularly concerning is that it turns trusted tools against their users, slipping past security layers that rely on recognizing suspicious file types or behaviors. The approach reflects a clear understanding of how modern defenses operate and poses a significant risk to organizational integrity. By exploiting trusted file formats and recovery features, attackers can establish a foothold in corporate environments, potentially leading to data breaches, ransomware deployment, or the theft of sensitive information. This campaign underscores the urgent need for organizations to move beyond reliance on a single layer of threat detection, such as Microsoft Defender, which many businesses depend on without validating its effectiveness or assessing potential evasion. Relying solely on one control leaves organizations exposed to attacks that bypass it. To mitigate these risks,…
by Loris Minassian |
December 18, 2024
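The campaign above works because a scanner that gives up when the container parser fails treats a broken archive as harmless, while Word or WinRAR repairs and opens the same file. The following added example (not code from the campaign or from CyberStash) shows the gap and one way to close it in a triage pipeline: build a small docx-style ZIP in memory, corrupt it, confirm the standard parser rejects it, then recover the entries the way a repair routine does and flag the file as corrupt-but-recoverable rather than unparseable. The corruption applied here, dropping the end-of-central-directory record, is an assumption about how such a file might be damaged; the summary does not say which part of the archive the attackers corrupt. The sample archive is constructed.

```python
"""Triage helper for attachments that the standard ZIP parser rejects but that
a recovery routine can still open.

Added example; not code from the original page, the campaign, or CyberStash.
The sample archive is constructed in memory as a stand-in for a .docx (which
is a ZIP container). Corrupting the EOCD record is one assumed way to produce
such a file.
"""
import io
import struct
import zipfile
import zlib
from typing import List, Tuple

LOCAL_HEADER_SIG = b"PK\x03\x04"
EOCD_SIG = b"PK\x05\x06"


def build_sample_archive() -> bytes:
    """Construct a small, well-formed ZIP with docx-style entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document><w:body/></w:document>")
    return buf.getvalue()


def corrupt_eocd(data: bytes) -> bytes:
    """Drop everything from the end-of-central-directory record onward.

    Standard parsers locate entries through the EOCD and central directory and
    give up when the EOCD is missing; the local file headers, which a repair
    routine walks instead, are left intact.
    """
    idx = data.rfind(EOCD_SIG)
    if idx < 0:
        raise ValueError("no EOCD record found")
    return data[:idx]


def standard_parser_accepts(data: bytes) -> bool:
    """What a scanner that trusts the container format sees."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)):
            return True
    except zipfile.BadZipFile:
        return False


def recover_local_entries(data: bytes) -> List[Tuple[str, bytes]]:
    """Walk local file headers directly, ignoring the central directory.

    Each candidate entry is inflated and its CRC-32 checked, so a stray
    PK\\x03\\x04 inside compressed data does not yield a bogus entry.
    """
    entries = []
    pos = data.find(LOCAL_HEADER_SIG)
    while pos != -1 and pos + 30 <= len(data):
        # flags, method, (mod time/date skipped), crc32, csize, usize, name len, extra len
        flags, method, crc, csize, _usize, nlen, xlen = struct.unpack_from(
            "<HH4xIIIHH", data, pos + 6)
        name_start = pos + 30
        data_start = name_start + nlen + xlen
        name = data[name_start:name_start + nlen].decode("utf-8", "replace")
        payload = data[data_start:data_start + csize]
        try:
            plain = zlib.decompress(payload, -15) if method == 8 else payload
        except zlib.error:
            plain = None
        if flags & 0x08 or plain is None or zlib.crc32(plain) != crc:
            # sizes live in a trailing data descriptor, or this is not a real
            # entry: resume the scan just past this signature
            pos = data.find(LOCAL_HEADER_SIG, pos + 4)
            continue
        entries.append((name, plain))
        pos = data.find(LOCAL_HEADER_SIG, data_start + csize)
    return entries


def triage(data: bytes) -> dict:
    """Classify an attachment the way a layered scanner should."""
    if standard_parser_accepts(data):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return {"verdict": "parseable", "entries": zf.namelist()}
    recovered = recover_local_entries(data)
    if recovered:
        # Container is broken, but a recovery routine (Word, WinRAR) would still
        # open it: treat as suspicious and scan the recovered content.
        return {"verdict": "corrupt-but-recoverable",
                "entries": [name for name, _ in recovered]}
    return {"verdict": "unparseable", "entries": []}


if __name__ == "__main__":
    good = build_sample_archive()
    bad = corrupt_eocd(good)
    print("intact:", triage(good))
    print("corrupted:", standard_parser_accepts(bad), triage(bad))
```

The point for detection engineering is the middle verdict: an attachment that fails the container parser yet still yields valid, CRC-checked entries is exactly the profile of these lures and should be routed to content inspection (and, for Office files, macro and external-relationship checks on the recovered XML), not dropped as noise. Entries that use a data descriptor are skipped here for brevity; a production version would parse the descriptor after the compressed data.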