Silent Lynx APT New Attack Targeting Governmental Employees Posing...
Silent Lynx, a sophisticated threat group that has been tracked since 2024, continues its relentless espionage campaign against government entities across Central Asia.
Seqrite analysts were the first to assign this name to the group, distinguishing it from multiple overlapping aliases including YoroTrooper, Sturgeon Phisher, and ShadowSilk.
The group has become notorious for orchestrating spear-phishing campaigns while impersonating government officials, specifically targeting governmental employees with malicious attachments designed to harvest sensitive information.
The threat group primarily leverages fabricated summit-related communications to distribute its weaponized payload.
Seqrite researchers noted that Silent Lynx demonstrates a pattern of hastily constructed campaigns targeting diplomatic entities involved in high-level international meetings.
The group’s operations extend across multiple Central Asian nations including Tajikistan, Azerbaijan, Russia, and China, with a strategic focus on nations involved in cross-border infrastructure projects and diplomatic initiatives.
Seqrite analysts identified two distinct campaigns in 2025, both employing similar attack methodologies but targeting different geopolitical relationships.
The first campaign, discovered in October 2025, targeted diplomatic entities involved in Russia-Azerbaijan summit preparations, while the second focused on entities associated with China-Central Asian relations.
The timing and thematic consistency of these campaigns reveal a coordinated espionage operation driven by geopolitical interests rather than financial gain.
The infection chain begins with a deceptive RAR archive bearing a benign-looking filename such as “План развитие стратегического сотрудничества.pdf.rar” (Plan for Development of Strategic Cooperation).
Source: Cybersecurity News