Paperbug

Threat Actor Profile Updated 3 months ago
Paperbug is a cyber-espionage campaign attributed to a suspected Russian threat actor known as Nomadic Octopus, also referred to as DustSquad. The Swiss cybersecurity company Prodaft has released a report detailing the group's activity and outlining its tactics, techniques, and procedures (TTPs).

Operation Paperbug, which began in 2020, has targeted government networks, individual workstations, and operational technology devices in Tajikistan, including gas station systems. The intrusions resulted in significant data theft: emails, documents, and messaging-application chat histories were exfiltrated, and victims were surveilled in real time.

Nomadic Octopus operated multiple servers as command-and-control (C2) infrastructure for the backdoors and tools used in the campaign. The group expanded its access through document theft, theft of customer contracts and credentials, abuse of weak network security configurations, and exploitation of unpatched software and services. The malware deployed shows similarities to the previously analyzed Octopus malware and lets the operators execute arbitrary commands on victim machines, a capability consistent with a well-resourced espionage actor.

The TTPs observed in Operation Paperbug align closely with attack patterns associated with Russia-linked threat actors such as the Sofacy APT. Because the operation targets both governmental and commercial organizations, it poses a threat to national security as well as business continuity, and organizations in the affected sectors are advised to harden their defenses and remain vigilant.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possibly overlapping names and profiles worth reviewing.

ID: Nomadic Octopus | Votes: 2
Profile Description: Nomadic Octopus, a suspected Russian Advanced Persistent Threat (APT) group, has been engaged in a cyber-espionage campaign known as Paperbug since 2020. The group infiltrated a Tajikistani carrier to spy on government officials and public service infrastructures, compromising government networks, i

ID: Operation Paperbug | Votes: 2
Profile Description: None

ID: DustSquad | Votes: 1
Profile Description: DustSquad, also known as Nomadic Octopus, is a notable threat actor that has been implicated in several cyber-espionage campaigns. Throughout 2018, DustSquad, along with other actors like IndigoZebra and Sofacy, targeted political entities in Central Asia using the Octopus malware. This was revealed

ID: Sofacy APT | Votes: 1
Profile Description: None
Miscellaneous Associations
Other elements of context that could aid in assessing relevance: APT, Espionage, Exploit, Malware
Associated Malware
ID: Octopus | Type: Unspecified | Votes: 2
Profile Description: Octopus is a malware, a harmful program designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for
Associated Threat Actors
ID: APT28 | Type: Unspecified | Votes: 1
Profile Description: APT28, also known as Fancy Bear, is a threat actor linked to Russia and has been involved in numerous cyber espionage campaigns. The group is notorious for its sophisticated tactics, techniques, and procedures (TTPs). Recently, NATO and the EU formally condemned APT28's activities, acknowledging the
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Paperbug threat actor was read from the document corpus below. This display is limited to 20 results.

Source | Created At | Title
CERT-EU | a year ago | Cyber security week in review: April 28, 2023
CERT-EU | a year ago | Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services
Securityaffairs | a year ago | Russian APT Nomadic Octopus hacked Tajikistani carrier
CERT-EU | a year ago | Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan