DustSquad

Threat Actor Profile Updated 3 months ago
DustSquad, also known as Nomadic Octopus, is a threat actor implicated in several cyber-espionage campaigns against targets in Central Asia. In April 2018, Kaspersky researchers discovered a new sample of the group's Windows malware, dubbed Octopus. Kaspersky's Attribution Engine, which compares samples using code-similarity algorithms, linked Octopus to DustSquad. Throughout 2018, DustSquad, alongside other actors such as IndigoZebra and Sofacy, used this malware against political entities in the region.

Octopus is written in Delphi, an unusual choice for an actor of this kind. Sofacy's Zebrocy is also Delphi-based, both groups have been linked to Russia, and Kaspersky found DustSquad and Sofacy malware on the same compromised machines. Kaspersky nevertheless assesses the two actors as unrelated, which illustrates that several actors can target the same victims independently and that shared tooling choices or shared victims are not, on their own, evidence of a link. Kaspersky has closely monitored DustSquad and has provided its customers with private intelligence reports on four of the group's campaigns, which involved custom Android and Windows malware.

More recently, the Swiss cybersecurity company Prodaft reported on the Paperbug cyber-espionage campaign and attributed it to DustSquad under the Nomadic Octopus name.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following overlapping names and profiles may also be relevant.
Nomadic Octopus (2 votes)
Nomadic Octopus, a suspected Russian Advanced Persistent Threat (APT) group, has been engaged in a cyber-espionage campaign known as Paperbug since 2020. The group infiltrated a Tajikistani carrier to spy on government officials and public service infrastructures, compromising government networks, i

Paperbug (1 vote)
Paperbug is a cyber-espionage campaign executed by a suspected Russian threat actor known as Nomadic Octopus, also referred to as DustSquad. The Swiss cybersecurity company Prodaft has released a report detailing the actions of this group, outlining their tactics, techniques, and procedures (TTPs).
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Espionage
russian
Malware
Windows
Asia
Trojan
Android
Kaspersky
Russia
Associated Malware
Octopus (type: Unspecified, 3 votes)
Octopus is DustSquad's Windows malware, written in Delphi. Kaspersky discovered a new sample in April 2018 and linked it to DustSquad through its Attribution Engine; throughout 2018 it was used against political entities in Central Asia.

Zebrocy (type: Unspecified, 1 vote)
Zebrocy is a well-documented Trojan malware that infiltrates systems to gather specific system information. Once installed, it sends the collected data to its Command and Control (C2) server via an HTTP POST request. The Zebrocy variant also captures a screenshot of the victim's host and transmits i
Associated Threat Actors
Sofacy (type: Unspecified, 1 vote)
Sofacy is a threat actor group that has been observed using multiple languages to create variants of the Zebrocy Trojan and Cannon. In one campaign, they relied heavily on filenames to lure victims into launching weaponized documents. The group packed only Delphi variants in an attempt to increase e

APT28 (type: Unspecified, 1 vote)
APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the
Associated Vulnerabilities
No associations to display
Source Document References
Information about the DustSquad threat actor was read from the documents below. This display is limited to 20 results.

MITRE, a year ago: Russia-Linked Hackers Target Diplomatic Entities in Central Asia
MITRE, a year ago: Octopus-infested seas of Central Asia
CERT-EU, a year ago: Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan
CERT-EU, a year ago: Cyber security week in review: April 28, 2023
Securityaffairs, a year ago: Russian APT Nomadic Octopus hacked Tajikistani carrier