Kaspersky Lab researchers have discovered a wave of cyber-espionage targeted attacks aimed at Central Asian diplomatic organizations. The Trojan called “Octopus”, disguised as a version of a popular and legitimate online messenger, was attracting users amid the news of a possible ban on Telegram messenger in the region. Once installed, Octopus provided attackers with remote access to victims’ computers.

Threat actors are constantly seeking exploitable modern trends and adjusting their methods in order to jeopardize users’ privacy and sensitive information across the world. In this case, the possible prohibition of the widely used Telegram messenger allowed threat actors to plan attacks using the Octopus Trojan, subsequently providing the hackers with remote access to a victim’s computer.

Threat actors distributed Octopus within an archive disguised as an alternative version of Telegram messenger for Kazakh opposition parties. The launcher was disguised with a recognizable symbol of one of the opposition political parties from the region, and the Trojan was hidden inside.