ShadowSilk Central Asia and APAC spear-phishing and exploit campaign

Campaign
First reported
Last updated
Happening score: 49
1 unique source, 1 article

Summary

The ShadowSilk campaign is actively hitting government entities across Central Asia and APAC, and the current wave matters because it has already reached nearly three dozen victims. The operation is geared mainly toward data exfiltration, not a single isolated intrusion. It uses spear-phishing emails, password-protected archives, and public exploits against Drupal and the WP-Automatic WordPress plugin. New victims have been identified as recently as July 2025.

Related Happenings

PurpleBravo Contagious Interview campaign

Campaign
First: 21.01.2026 19:17 Last: 21.01.2026 19:17 Sources 1

About this happening: The **North Korea-linked Contagious Interview** campaign is refining its malware stack, with **Cisco Talos** reporting that **BeaverTail** and **OtterCookie** are being merged mor...

Latest development: 22.04.2026 17:48

North Korean actor Void Dokkaebi, aka Famous Chollima, pushed the Contagious Interview fake-job campaign into a self-propagating software supply chain operation by abusing compromised developer repositories, malicious Visual Studio (VS) Code tasks, and injected code that can run during normal development activity to spread malware and steal cryptocurrency wallet credentials, signing keys, and access to CI/CD pipelines and production infrastructure. Trend Micro said the campaign also stages payloads on Tron, Aptos, and Binance Smart Chain, and in March it found more than 750 infected code repositories, more than 500 malicious VS Code task configurations, and 101 instances of the commit-tampering tool.

Bloody Wolf Central Asia phishing campaign targeting Kyrgyzstan and Uzbekistan

Campaign
First: 27.11.2025 20:13 Last: 27.11.2025 20:13 Sources 1

About this happening: The **Bloody Wolf** phishing campaign has expanded from **Kyrgyzstan** to **Uzbekistan**, widening risk to **finance, government, and IT** targets across Central Asia. The operati...

Bloody Wolf Central Asia spear-phishing campaign

Campaign
First: 27.11.2025 18:00 Last: 27.11.2025 18:00 Sources 1

About this happening: The **Bloody Wolf** campaign is **expanding across Central Asia**, using **spoofed Ministry of Justice PDFs** and **geofenced infrastructure** to reach government users in **Kyrgy...

Gamaredon and Turla coordinated Ukraine compromise campaign

Campaign
First: 19.09.2025 11:24 Last: 19.09.2025 11:24 Sources 1

About this happening: The **Gamaredon-Turla** collaboration has been tied to a **multi-stage campaign** against **Ukrainian entities**, expanding Russian access inside the country. In **February, April...

OldGremlin extortion campaign targeting Russian industrial enterprises

Campaign
First: 06.09.2025 18:13 Last: 06.09.2025 18:13 Sources 1

About this happening: OldGremlin has resumed **extortion attacks** against **Russian industrial enterprises**, creating renewed operational risk for as many as **eight** large domestic targets. The gro...

Timeline

  1. 27.08.2025 16:47 · 1 article · 9mo ago

    ShadowSilk disclosed in Central Asia and APAC campaign

    Initial Disclosure

    ShadowSilk is identified as a threat activity cluster running a fresh wave of attacks against government entities in Central Asia and APAC, with nearly three dozen victims and a primary focus on data exfiltration. The operation targets organizations in Uzbekistan, Kyrgyzstan, Myanmar, Tajikistan, Pakistan, and Turkmenistan, and uses spear-phishing emails, password-protected archives, a custom loader that hides C2 traffic behind Telegram bots, public exploits for Drupal and the WP-Automatic WordPress plugin, and post-exploitation tooling to move laterally, steal credentials, and exfiltrate files.
