Silent Lynx, an Advanced Persistent Threat (APT) group first identified in early 2025, has been observed orchestrating highly targeted cyber operations against government entities, financial institutions, and think tanks in Kyrgyzstan and Turkmenistan. Their reach extends beyond these borders: the group has also infiltrated organizations across Eastern Europe and other Central Asian nations, with a particular emphasis on entities engaged in economic policymaking and the banking sector.
Silent Lynx employs a multi-stage attack strategy that demonstrates a high degree of operational sophistication. Their arsenal includes ISO-based infection chains, loaders written in C++, obfuscated PowerShell scripts, and resilient Golang implants, each component designed to evade traditional security measures while maintaining persistent access to compromised systems.
Notably, the group’s reliance on Telegram bots for command-and-control (C2) operations, coupled with the strategic use of decoy documents tailored to regional interests, underscores their espionage-driven objectives within Central Asia and nations under the UN Special Programme for the Economies of Central Asia (SPECA). The complexity of these campaigns poses significant detection and mitigation challenges for targeted organizations. Given the evolving nature of Silent Lynx’s tactics, CyberStash anticipates that their operations will expand to additional regions in the near future.
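Because the C2 channel described above rides on Telegram bots, one practical check is to review which processes on an endpoint talk to the Telegram Bot API at all. The following is an added example, not code from the CyberStash report: it assumes Sysmon Event ID 3 (network connection) records exported as JSON lines, uses `api.telegram.org` as the Bot API host, and treats the allowlist, host names and file paths as constructed placeholders.

```python
import json
from pathlib import PureWindowsPath

TELEGRAM_HOSTS = ("api.telegram.org",)  # Telegram Bot API host (not named on the page)
# Hypothetical allowlist: binaries expected to reach Telegram in this environment.
EXPECTED_CLIENTS = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# Script hosts rank higher because the page describes PowerShell stages.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample: Sysmon Event ID 3 records as JSON lines (one is truncated).
SAMPLE_EVENTS = r"""
{"EventID": 3, "UtcTime": "2025-02-03 08:14:02", "Computer": "FIN-WS-07", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationHostname": "api.telegram.org"}
{"EventID": 3, "UtcTime": "2025-02-03 08:15:40", "Computer": "FIN-WS-07", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationHostname": "api.telegram.org"}
{"EventID": 3, "UtcTime": "2025-02-03 08:16:11", "Computer": "FIN-WS-07", "Image": "C:\\Users\\a.user\\AppData\\Local\\Temp\\updater.exe", "DestinationHostname": "API.TELEGRAM.ORG."}
{"EventID": 3, "UtcTime": "2025-02-03 08:17:05", "Computer": "FIN-WS-07", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationHostname": "login.microsoftonline.com"}
{"EventID": 3, "UtcTime": "2025-02-03 08:18:30", "Image": "C:\\Users\\
"""

def is_telegram(host):
    """Match the Bot API host or a subdomain, ignoring case and a trailing dot."""
    host = (host or "").strip().lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in TELEGRAM_HOSTS)

def triage(lines):
    """Return (findings, skipped): unexpected Telegram egress and unparseable lines."""
    findings, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # count damaged records so gaps in telemetry are visible
            continue
        if not isinstance(ev, dict) or ev.get("EventID") != 3:
            continue
        if not is_telegram(ev.get("DestinationHostname")):
            continue
        image = PureWindowsPath(ev.get("Image") or "").name.lower()
        if image in EXPECTED_CLIENTS:
            continue
        findings.append({"time": ev.get("UtcTime"), "host": ev.get("Computer"),
                         "image": image, "path": ev.get("Image"),
                         "severity": "high" if image in SCRIPT_HOSTS else "medium"})
    return findings, skipped

if __name__ == "__main__":
    hits, bad = triage(SAMPLE_EVENTS.splitlines())
    for hit in hits:
        print(hit)
    print(f"{len(hits)} finding(s), {bad} unparseable line(s)")
```

Sysmon frequently leaves `DestinationHostname` empty, so in practice the same allowlist logic is also applied to DNS query events (Event ID 22) keyed on the querying process.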