Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
UnsolicitedBooker Shifts Focus to Central Asian Telecoms

UnsolicitedBooker Shifts Focus to Central Asian Telecoms

Posted on February 24, 2026 By CWS

The emergence of UnsolicitedBooker as a significant cyber threat in Central Asia marks a notable shift in their operations. Telecommunications companies in Kyrgyzstan and Tajikistan have recently come under attack by this group, which previously focused its efforts on Saudi Arabian targets. According to a recent report from Positive Technologies, the attackers have utilized two sophisticated backdoors named LuciDoor and MarsSnake.

Targeted Attacks on Kyrgyzstan and Tajikistan

The cybercriminals behind UnsolicitedBooker have been active since at least March 2023. Initially identified by ESET in May 2025, the group was linked to cyber activities targeting an international organization in Saudi Arabia. The latest attacks, however, highlight their focus on Kyrgyz telecommunications, employing phishing emails that include Microsoft Office documents to deliver malware.

These documents, appearing as legitimate telecom tariff plans, prompt users to enable macros, which then execute a malware loader. This loader, known as LuciLoad, subsequently installs the LuciDoor backdoor. A similar attack pattern was observed in November 2025, with a variant loader, MarsSnakeLoader, deploying MarsSnake malware.

Advanced Malware Techniques

UnsolicitedBooker’s use of LuciDoor and MarsSnake showcases their technical expertise. Written in C++, LuciDoor connects to a command-and-control server, collecting and transmitting system data. It can execute commands, modify files, and upload content through cmd.exe. MarsSnake shares similar functionalities, executing arbitrary commands and accessing files on the infected systems.

Interestingly, MarsSnake has also been linked to attacks in China. These operations begin with a Windows shortcut masquerading as a Word document, launching scripts to activate the malware without a loader. This technique resembles tactics used by the Mustang Panda group in previous campaigns targeting Thailand.

Strategic Implications and Future Outlook

The strategic targeting of telecom companies in Central Asia by UnsolicitedBooker underscores the evolving nature of cyber threats. Positive Technologies notes that the group initially employed LuciDoor but shifted to MarsSnake, only to revert to LuciDoor by 2026. This adaptability demonstrates their persistent threat.

Other cybersecurity threats have also emerged, such as PseudoSticky, mimicking pro-Ukrainian groups to target Russian organizations. This group uses phishing and trojans like RemcosRAT and DarkTrack RAT for data theft. Meanwhile, Cloud Atlas targets Russian entities using custom malware such as VBShower and VBCloud.

The continued evolution of these threat actors highlights the need for vigilant cybersecurity measures. Organizations must remain proactive in defending against increasingly sophisticated cyber threats as these groups adapt their strategies and tools.

The Hacker News Tags:Central Asia, command-and-control, cyber threat, Cybersecurity, LuciDoor, Malware, MarsSnake, Phishing, Telecommunications, UnsolicitedBooker

Post navigation

Previous Post: Spanish Crackdown on Anonymous Fénix Hackers
Next Post: GitHub Codespaces Vulnerability Exploited for Repository Control

Related Posts

30,000 Facebook Accounts Hacked in Phishing Scam 30,000 Facebook Accounts Hacked in Phishing Scam The Hacker News
Is Your Google Workspace as Secure as You Think it is? Is Your Google Workspace as Secure as You Think it is? The Hacker News
Critical Vulnerabilities in FatFs Impact Millions of Devices Critical Vulnerabilities in FatFs Impact Millions of Devices The Hacker News
Apple Patches Zero-Day Vulnerability in Devices Apple Patches Zero-Day Vulnerability in Devices The Hacker News
Cybersecurity Threats: SMS Blaster, OpenEMR, and Roblox Hacks Cybersecurity Threats: SMS Blaster, OpenEMR, and Roblox Hacks The Hacker News
Webworm Uses Discord and MS Graph for New Backdoors Webworm Uses Discord and MS Graph for New Backdoors The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • WhatsApp Exploit Turns OpenClaw into Hacker Tool
  • Critical U-Boot Vulnerabilities Discovered in Firmware Security
  • Critical Security Alert for ShareFile Admins: Server Shutdown Advised
  • ShareFile Users Advised to Shut Down Controllers Amid Security Alert
  • New Windows Attack Method Evades Leading Security Tools

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • WhatsApp Exploit Turns OpenClaw into Hacker Tool
  • Critical U-Boot Vulnerabilities Discovered in Firmware Security
  • Critical Security Alert for ShareFile Admins: Server Shutdown Advised
  • ShareFile Users Advised to Shut Down Controllers Amid Security Alert
  • New Windows Attack Method Evades Leading Security Tools

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark