Tomiris Cyberattacks Target Government Officials and Diplomats

A new wave of cyberattacks has been discovered targeting government officials and diplomats across a region. The group, known as Tomiris, has been active for several years and is known for focusing on high-value political targets. This latest investigation shows they are now using more advanced methods to hide their tracks, including popular apps like Telegram and Discord to control infected computers. According to a new report by Kaspersky, the threat actor launched a sophisticated campaign in early 2025, revealing a significant shift in its operating methods. The attacks typically begin with a phishing email designed to look official, often mimicking government correspondence about economic development or cooperation agreements. When a victim opens the archive and clicks the file inside, their computer becomes infected. Tomiris uses a variety of new implants developed in multiple programming languages, making it harder for standard antivirus software to detect a pattern.