Golden Falcon (APT-C-34): The threat actor group known as Golden Falcon or DustSquad, which has been known to target people and groups from different parts of the world, has resurfaced in Kazakhstan, a country located between China and Russia. Chinese cybersecurity company Qihoo 360 released a report about the campaign detailing how the group has focused on targeting government agencies, military personnel, foreign diplomats, researchers, journalists, private companies, education, religious figures and government employees within Kazakhstan. Researchers at Qihoo 360 managed to gain access to one of the command and control servers used by the group and worked backward from there. To the researchers’ surprise, the stolen data was kept in encrypted files organized geographically by the names of cities in Kazakhstan. The researchers managed to decrypt the files and found that the archives contained mostly office documents. The group was found to be using spyware that was likely available as a commodity item, as well as a custom backdoor, to monitor and keep track of foreign nationals within the country’s 13 biggest cities. The backdoor has only been seen in this campaign so far, so it is possible that it was custom-made by the Golden Falcon group.