Tomiris 2025 government-targeting campaign
Campaign
Summary
Hide ▲
Show ▼
The Tomiris 2025 campaign is using phishing and public-service C2 to target foreign ministries, intergovernmental organizations, and government entities, increasing the risk of stealthy long-term access across Russia and Central Asia.
Related Happenings
Webworm multi-country targeting campaign against government and enterprise victims
Campaign
First: 20.05.2026 15:51
Last: 20.05.2026 15:51
Sources 1
About this happening:
**Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Webworm multi-country targeting campaign against government and enterprise victims
CampaignAbout this happening: **Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
UAT-8302 government-targeting campaign across South America and southeastern Europe
Campaign
First: 05.05.2026 17:19
Last: 05.05.2026 17:19
Sources 1
About this happening:
The **UAT-8302** campaign has been tied to attacks on **government entities** in **South America** and **southeastern Europe**, showing a multi-region operation with post-exploita...
UAT-8302 government-targeting campaign across South America and southeastern Europe
CampaignAbout this happening: The **UAT-8302** campaign has been tied to attacks on **government entities** in **South America** and **southeastern Europe**, showing a multi-region operation with post-exploita...
Tropic Trooper trojanized SumatraPDF remote-access campaign
Campaign
First: 24.04.2026 12:29
Last: 24.04.2026 12:29
Sources 1
About this happening:
**Tropic Trooper** is running an active **campaign** that uses a **trojanized SumatraPDF** lure to plant **AdaptixC2 Beacon** and later abuse **VS Code tunnels** for remote access...
Tropic Trooper trojanized SumatraPDF remote-access campaign
CampaignAbout this happening: **Tropic Trooper** is running an active **campaign** that uses a **trojanized SumatraPDF** lure to plant **AdaptixC2 Beacon** and later abuse **VS Code tunnels** for remote access...
DPRK-linked cryptoasset theft campaign continuing into 2026
Campaign
First: 03.04.2026 11:35
Last: 03.04.2026 11:35
Sources 1
About this happening:
The **DPRK-linked cryptoasset theft campaign** is continuing into **2026**, keeping **crypto and Web3** targets at risk of repeated theft and laundering activity. The operation us...
DPRK-linked cryptoasset theft campaign continuing into 2026
CampaignAbout this happening: The **DPRK-linked cryptoasset theft campaign** is continuing into **2026**, keeping **crypto and Web3** targets at risk of repeated theft and laundering activity. The operation us...
UAC-0050 spear-phishing campaign targeting European financial institutions
Campaign
First: 24.02.2026 16:21
Last: 24.02.2026 16:21
Sources 1
About this happening:
The **UAC-0050** spear-phishing operation targeted a **European financial institution**, raising concern that the actor is extending its reach beyond **Ukraine** into **Western Eu...
UAC-0050 spear-phishing campaign targeting European financial institutions
CampaignAbout this happening: The **UAC-0050** spear-phishing operation targeted a **European financial institution**, raising concern that the actor is extending its reach beyond **Ukraine** into **Western Eu...
Timeline
-
01.12.2025 07:07 2 articles · 5mo ago
Tomiris 2025 government-targeting campaign
Initial DisclosureThe operation begins with **spear-phishing emails** carrying **password-protected RAR files**. Those archives deliver a disguised payload that starts the infection chain and prepares the host for follow-on tooling.
Show sources
- Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets — thehackernews.com — 01.12.2025 07:07
- Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets — thehackernews.com — 01.12.2025 07:07