Operation Peek-a-Baku: Silent Lynx APT Targets Dushanbe with Espionage Campaign

Nov. 5, 2025, 9:49 p.m.

Description

The Silent Lynx APT group has been conducting espionage campaigns targeting Central Asian nations, Russia, China, and Azerbaijan. Two main campaigns were identified: one focusing on Russia-Azerbaijan relations and another on China-Central Asia relations. The group uses various malware including PowerShell scripts, .NET implants, and C++ reverse shells. They leverage spear-phishing with malicious attachments, GitHub-hosted payloads, and scheduled tasks for persistence. The campaigns aim to gather intelligence on diplomatic communications, transportation projects, and other strategic initiatives. Silent Lynx shows a pattern of targeting summit meetings and infrastructure deals in the region, with a particular focus on events in Dushanbe, Tajikistan.

External References

https://www.seqrite.com/blog/operation-peek-a-baku-silent-lynx-apt-dushanbe-espionage
https://otx.alienvault.com/pulse/690b44c86b05bcee7cf13cf6
Tags
apt
espionage
powershell
russia
china
.net
reverse shell
central asia
azerbaijan
silent loader
laplas
silentsweeper
ligolo-ng
2025-11-05

Date

  • Created: Nov. 5, 2025, 12:36 p.m.
  • Published: Nov. 5, 2025, 12:36 p.m.
  • Modified: Nov. 5, 2025, 9:49 p.m.

Attack Patterns

  • Silent Lynx

Additional Informations

  • Mining
  • Transportation
  • Telecommunications
  • Government
  • Turkmenistan
  • Kyrgyzstan
  • Tajikistan
  • Azerbaijan
  • Uzbekistan
  • China
  • Russian Federation