Nomadic Octopus’ New Campaign : Paperbug

The session will cover a not-previously-published TI case where the group "Nomadic Octopus" has used a telecom provider in Tajikistan to gain access to several high-ranking government officials' devices. This was very likely done with the intention of espionage since the threat actors mainly stole screenshots and documents from compromised devices, hence we have named this campaign Paperbug. During the session, I aim to go over how the operation evolved, explain the behavior patterns of the attackers and share our findings on the campaign in a more detailed manner.