{
	"id": "f6e80898-2842-4844-ba88-10e1233d95d1",
	"created_at": "2026-04-06T00:15:10.680109Z",
	"updated_at": "2026-04-10T13:11:33.884768Z",
	"deleted_at": null,
	"sha1_hash": "79962197f604c601a544baddacd7db8159c10ad8",
	"title": "cyber espionage in Central Asia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45551,
	"plain_text": "cyber espionage in Central Asia\r\nArchived: 2026-04-02 12:25:07 UTC\r\nNomadic Octopus: cyber espionage in Central Asia\r\nThursday 4 October 11:00 - 11:30, Green room\r\nAnton Cherepanov (ESET)\r\nESET researchers recently discovered an interesting cyber espionage campaign active in several countries of\r\nCentral Asia. We attribute these attacks to a previously undocumented APT group that we have named Nomadic\r\nOctopus. Our findings suggest that this APT group has been active since at least 2015. The main goal of Nomadic\r\nOctopus appears to be cyber espionage against high-value targets, including diplomatic missions in the region.\r\nHowever, besides these high-value targets, we have seen a campaign targeting a local political blogger, which may\r\nsuggest that Nomadic Octopus also conducts cyber surveillance operations. Nomadic Octopus performs its\r\nactivity using unique, custom-made malware. In our talk, we will uncover details about this new APT group and\r\nprovide a technical analysis of the malicious toolkit used in the attacks.\r\nAnton Cherepanov\r\nAnton Cherepanov is a senior malware researcher at ESET, where his responsibilities include the\r\nanalysis of complex threats. He has performed extensive research on cyberattacks in Ukraine and on\r\nBlackEnergy APT group malware. His research has been presented at numerous conferences, including\r\nBlack Hat USA, Virus Bulletin, CARO Workshop, PHDays and ZeroNights. He won a Pwnie Award in\r\n2017 for his discovery and analysis of the M.E.Doc backdoor – the origin of the NotPetya ransomware\r\noutbreak. His interests focus on IT security, reverse engineering and the automation of malware analysis.\r\n@cherepanov74\r\nSource: https://www.virusbulletin.com/conference/vb2018/abstracts/nomadic-octopus-cyber-espionage-central-asia/\r\nhttps://www.virusbulletin.com/conference/vb2018/abstracts/nomadic-octopus-cyber-espionage-central-asia/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"MISPGALAXY"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.virusbulletin.com/conference/vb2018/abstracts/nomadic-octopus-cyber-espionage-central-asia/"
	],
	"report_names": [
		"nomadic-octopus-cyber-espionage-central-asia"
	],
	"threat_actors": [
		{
			"id": "978775b9-369d-44f7-8a42-76d7b9cb42d5",
			"created_at": "2022-10-25T15:50:23.846105Z",
			"updated_at": "2026-04-10T02:00:05.36378Z",
			"deleted_at": null,
			"main_name": "Nomadic Octopus",
			"aliases": [
				"Nomadic Octopus",
				"DustSquad"
			],
			"source_name": "MITRE:Nomadic Octopus",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "70661552-6715-4750-bf4e-527055d3e7b4",
			"created_at": "2023-11-08T02:00:07.114392Z",
			"updated_at": "2026-04-10T02:00:03.417207Z",
			"deleted_at": null,
			"main_name": "DustSquad",
			"aliases": [
				"Nomadic Octopus"
			],
			"source_name": "MISPGALAXY:DustSquad",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "f6fe4b4f-9694-4ffc-94ef-a0cc5aef94d9",
			"created_at": "2022-10-25T16:07:23.556112Z",
			"updated_at": "2026-04-10T02:00:04.655561Z",
			"deleted_at": null,
			"main_name": "DustSquad",
			"aliases": [
				"APT-C-34",
				"DustSquad",
				"G0133",
				"Golden Falcon",
				"Nomadic Octopus"
			],
			"source_name": "ETDA:DustSquad",
			"tools": [
				"Garpun",
				"Paperbug",
				"Remote Control System"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434510,
	"ts_updated_at": 1775826693,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/79962197f604c601a544baddacd7db8159c10ad8.pdf",
		"text": "https://archive.orkl.eu/79962197f604c601a544baddacd7db8159c10ad8.txt",
		"img": "https://archive.orkl.eu/79962197f604c601a544baddacd7db8159c10ad8.jpg"
	}
}