Nomadic Octopus' Paperbug Campaign

Espionage is the act of obtaining secret or confidential information from a closed source without the consent of the holder, or disseminating it without the consent of the holder. Cyber espionage is one of the more sophisticated forms of this act. Such operations are mostly conducted to gather sensitive digital documents and closed sources of governments and corporations. To get this information, the group must gain access to its target's networks, devices, or infrastructure. The infiltration can be done by spear-phishing government or corporate individuals, exploiting the organization's public services [7], and more. These operations are usually carried out by government actors or by state-sponsored or state-directed groups to obtain intelligence on their targets and enhance their own nation's safety and military capability.

This report explores an operational environment that is owned by the Nomadic Octopus espionage group and has been active since 2020. According to victim analysis, the group specifically targets Tajikistan's high-ranking government officials, telecommunication services, and public service infrastructures. The compromised machines range from individuals' computers to OT devices. These targets make operation "Paperbug" intelligence-driven. The environment itself is built with only fundamental functionality. This makes attribution challenging; it leaves little room for comments. However, in this case, the findings were sufficient to profile this group.