Russian speaking hacking group now shifting focus to government targets

2025-12-02 18:29
By Sead Fadilpašić

The focus is now on stealth, long-term persistence, and cyber-espionage against government and similar organizations.

  • Tomiris APT targets government bodies with multi-language malware implants
  • Group hides C2 traffic in Telegram/Discord, using phishing for initial access
  • Campaign focuses on state-level intelligence, hitting Russia and Central Asian institutions

Tomiris, a Russian-speaking APT hacking group, has narrowed down its attack focus to target government ministries, intergovernmental organizations, and politically significant institutions.

This is according to a new report from cybersecurity researchers Kaspersky, which claims that from early 2025, there has been a wave of intrusions in which Tomiris deployed a large arsenal of multi-language implants.

The tools, written in Go, Rust, Python, and PowerShell (among others), were designed for flexibility, obfuscation, as well as to make attribution more difficult.


Targeting Russian and Central Asian victims

According to Kaspersky, Tomiris now hides its command-and-control (C2) channels inside public services such as Telegram and Discord, so that malicious traffic blends into normal, encrypted messaging flows to legitimate and widely allowed domains.

Several reverse shells, such as the Tomiris Python Discord ReverseShell and the Tomiris Python Telegram ReverseShell, rely entirely on these platforms, both for receiving operator commands and for exfiltrating stolen data.
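Because the implants speak to the public Telegram Bot API and Discord API rather than to attacker-owned servers, the hunting signal is not the destination host but the combination of who is talking to it and how regularly. The following Python is an added illustration of that idea, written for this page; it is not Kaspersky's detection logic and has nothing to do with the Tomiris tooling itself. It assumes a TLS-inspecting forward-proxy log with the fields timestamp, source host, process name, method, URL and user-agent (URL paths are only visible where the proxy terminates TLS; with SNI alone you would only see the hostname), a constructed allowlist of processes that legitimately use these services, and constructed sample log lines.

```python
"""Hunt for messaging-platform C2 in proxy telemetry (added example, not Tomiris or Kaspersky code).

Two independent signals per (host, process, endpoint):
  1. A Telegram Bot API or Discord API/webhook endpoint requested by a process that is not a
     known client (browser or official desktop app).
  2. Near-periodic request timing to the same endpoint (beaconing / polling for commands).
"""
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Assumed allowlist of processes expected to talk to these services; tune per estate.
KNOWN_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "discord.exe", "telegram.exe"}

# Telegram Bot API: every call embeds the bot token in the path (bot<id>:<secret>/<method>).
TELEGRAM_BOT = re.compile(r"^https?://api\.telegram\.org/bot(\d+:[A-Za-z0-9_-]+)/(\w+)")
# Discord REST webhooks and channel endpoints; the browser UI mostly loads /channels/@me, not /api/webhooks.
DISCORD_API = re.compile(
    r"^https?://discord(?:app)?\.com/api/(?:v\d+/)?(webhooks|channels)/(\d+)(?:/[^\s?]*)?")

# Constructed sample proxy log (not real telemetry): ts host process method url user-agent
SAMPLE_LOG = """\
2025-11-03T09:00:00Z wks-017 chrome.exe GET https://discord.com/channels/@me Mozilla/5.0
2025-11-03T09:00:05Z wks-042 python.exe GET https://api.telegram.org/bot123456:ABCDEF/getUpdates python-requests/2.31.0
2025-11-03T09:00:35Z wks-042 python.exe GET https://api.telegram.org/bot123456:ABCDEF/getUpdates python-requests/2.31.0
2025-11-03T09:01:05Z wks-042 python.exe GET https://api.telegram.org/bot123456:ABCDEF/getUpdates python-requests/2.31.0
2025-11-03T09:01:35Z wks-042 python.exe GET https://api.telegram.org/bot123456:ABCDEF/getUpdates python-requests/2.31.0
2025-11-03T09:02:05Z wks-042 python.exe POST https://api.telegram.org/bot123456:ABCDEF/sendDocument python-requests/2.31.0
2025-11-03T09:02:00Z wks-088 svchost.exe POST https://discord.com/api/webhooks/1111/abcd Mozilla/4.0
2025-11-03T09:03:00Z wks-088 svchost.exe POST https://discord.com/api/webhooks/1111/abcd Mozilla/4.0
2025-11-03T09:04:00Z wks-088 svchost.exe POST https://discord.com/api/webhooks/1111/abcd Mozilla/4.0
2025-11-03T09:05:00Z wks-088 svchost.exe POST https://discord.com/api/webhooks/1111/abcd Mozilla/4.0
2025-11-03T09:07:12Z wks-017 discord.exe GET https://discord.com/api/v9/channels/999/messages Discord/1.0
2025-11-03T09:11:40Z wks-017 discord.exe GET https://discord.com/api/v9/channels/999/messages Discord/1.0
"""


def classify_endpoint(url):
    """Return (service_label, normalized_endpoint) or None.  Bot tokens and webhook ids are
    redacted in the key so alerts group cleanly without copying credentials into SIEM fields."""
    m = TELEGRAM_BOT.match(url)
    if m:
        return "telegram-bot-api", f"api.telegram.org/bot<redacted>/{m.group(2)}"
    m = DISCORD_API.match(url)
    if m:
        return "discord-api", f"discord.com/api/{m.group(1)}/<redacted>"
    return None


def parse_line(line):
    ts, host, proc, method, url, ua = line.split(maxsplit=5)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "host": host, "proc": proc.lower(), "method": method, "url": url, "ua": ua}


def is_beacon(timestamps, min_intervals=3, max_cv=0.2):
    """True when inter-request gaps are near-constant (coefficient of variation <= max_cv)."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < min_intervals or mean(gaps) == 0:
        return False
    return pstdev(gaps) / mean(gaps) <= max_cv


def analyze(log_text):
    """One alert per (host, process, endpoint) that trips either signal."""
    series, service = defaultdict(list), {}
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        hit = classify_endpoint(rec["url"])
        if not hit:
            continue  # not a Telegram Bot API / Discord API call
        label, endpoint = hit
        key = (rec["host"], rec["proc"], endpoint)
        series[key].append(rec["ts"])
        service[key] = label
    alerts = []
    for key, stamps in series.items():
        host, proc, endpoint = key
        reasons = []
        if proc not in KNOWN_CLIENTS:
            reasons.append("non-client process")
        if is_beacon(stamps):
            reasons.append("periodic beaconing")
        if reasons:
            alerts.append({"host": host, "process": proc, "endpoint": endpoint,
                           "service": service[key], "count": len(stamps), "reasons": reasons})
    return sorted(alerts, key=lambda a: (a["host"], a["endpoint"]))


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

On the constructed sample the browser and the official Discord client on wks-017 produce no alert, while the Python process polling getUpdates every 30 seconds and the svchost.exe process posting to a webhook every minute each trip both signals. The allowlist is only a first filter: a real hunt should also check whether the process is signed, whether it was spawned by a document reader or script host, and whether the user-agent matches the process, since a phishing-delivered implant can run under any name it likes.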

Initial access is usually achieved via phishing, with lures written in Russian. Once the stage-one malware is deployed, the attackers lie low, run system commands, and then deploy stage-two malware. Kaspersky also said that open-source C2 frameworks such as Havoc and AdaptixC2 appear in later phases, where they are used for persistence, lateral movement, and device takeover.

More than half of Tomiris's phishing lures target Russian-speaking individuals or institutions, Kaspersky said. The rest are aimed at Central Asian nations such as Turkmenistan, Kyrgyzstan, Tajikistan, and Uzbekistan. Kaspersky also stresses that this is not opportunistic crime, but a campaign centered on state-level intelligence collection.

“The evolution in tactics underscores the threat actor’s focus on stealth, long-term persistence, and the strategic targeting of government and intergovernmental organizations,” Kaspersky concludes. “The use of public services for C2 communications and multi-language implants highlights the need for advanced detection strategies, such as behavioral analysis and network traffic inspection, to effectively identify and mitigate such threats.”

Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
