Russian Cyber Group Tomiris Adapts Tactics to Target CIS Governments

Tomiris cyber group targets CIS ministries using platforms like Telegram, deploying multi-language malware for stealth and control.

By Content Team

Dec 2, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

The Russian-speaking Tomiris cyber-espionage group has launched a sophisticated new campaign targeting foreign ministries and government entities across Commonwealth of Independent States countries. Kaspersky researchers discovered the attacks beginning in early 2025, marking two major tactical shifts for the group.

Tomiris now routes command-and-control traffic through popular platforms like Telegram and Discord, helping malicious activity blend with legitimate network use. The group also deploys malware written in multiple programming languages including Go, Rust, C++, Python, and C# to enhance stealth and adaptability.

The attacks begin with phishing emails containing password-protected archives that masquerade as legitimate documents. Once inside systems, Tomiris uses open-source frameworks like Havoc and AdaptixC2 to maintain control and steal internal government documents from countries including Turkmenistan, Kyrgyzstan, Tajikistan, and Uzbekistan.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Critical BeyondTrust Vulnerability Allows Hackers Complete System Access

Feb 8, 2026

Major Security Breach Exposes 1.5 Million Users on AI Social Network Moltbook

Feb 1, 2026

ShinyHunters Cybercriminals Expand Cloud-Targeting Extortion Operations

Feb 2, 2026

Critical Apache StreamPipes Flaw Lets Attackers Hijack Admin Accounts

Dec 31, 2025