Kaspersky Lab researchers have discovered a wave of targeted cyber-espionage attacks aimed at Central Asian diplomatic organisations. The Trojan, called Octopus, was disguised as a version of a popular and legitimate online messenger and attracted users amid news of a possible ban on the Telegram messenger in the region. Once installed, Octopus provided attackers with remote access to victims’ computers.
Threat actors constantly look for current trends to exploit and adjust their methods in order to jeopardise users’ privacy and sensitive information across the world. In this case, the possible prohibition of the widely used Telegram messenger allowed threat actors to plan attacks using the Octopus Trojan, which then gave them remote access to a victim’s computer.
Threat actors distributed Octopus within an archive disguised as an alternative version of Telegram messenger for Kazakh opposition parties. The launcher was disguised with a recognisable symbol of one of the opposition