Threat Actor Profile
Description
Nomadic Octopus is a Russian-speaking cyber espionage threat group that has primarily targeted Central Asia, including local governments, diplomatic missions, and individuals, since at least 2014. Nomadic Octopus has been observed conducting campaigns involving Android and Windows malware, mainly using the Delphi programming language, and building custom variants.(Citation: Security Affairs DustSquad Oct 2018)(Citation: Securelist Octopus Oct 2018)(Citation: ESET Nomadic Octopus 2018)
Confidence Score
Known Aliases
Tags
First Seen
Unknown
Last Updated
Unknown
Active Status
Active
Created
April 29, 2026
MITRE ATT&CK Techniques (7)
Indicators of Compromise
IOC KQL for Sentinel
STIX Data
{'aliases': ['Nomadic Octopus', 'DustSquad'],
'created': '2021-08-24T17:04:27.002Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': '\n'
'[Nomadic Octopus](https://attack.mitre.org/groups/G0133) is a '
'Russian-speaking cyber espionage threat group that has '
'primarily targeted Central Asia, including local governments, '
'diplomatic missions, and individuals, since at least 2014. '
'[Nomadic Octopus](https://attack.mitre.org/groups/G0133) has '
'been observed conducting campaigns involving Android and '
'Windows malware, mainly using the Delphi programming '
'language, and building custom variants.(Citation: Security '
'Affairs DustSquad Oct 2018)(Citation: Securelist Octopus Oct '
'2018)(Citation: ESET Nomadic Octopus 2018)',
'external_references': [{'external_id': 'G0133',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/groups/G0133'},
{'description': '(Citation: Security Affairs '
'DustSquad Oct 2018)(Citation: '
'Securelist Octopus Oct '
'2018)(Citation: SecurityWeek Nomadic '
'Octopus Oct 2018)',
'source_name': 'DustSquad'},
{'description': '(Citation: SecurityWeek Nomadic '
'Octopus Oct 2018)(Citation: ESET '
'Nomadic Octopus 2018)',
'source_name': 'Nomadic Octopus'},
{'description': 'Cherepanov, A. (2018, October 4). '
'Nomadic Octopus Cyber espionage in '
'Central Asia. Retrieved October 13, '
'2021.',
'source_name': 'ESET Nomadic Octopus 2018',
'url': 'https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cherepanov-VB2018-Octopus.pdf'},
{'description': "Kaspersky Lab's Global Research & "
'Analysis Team. (2018, October 15). '
'Octopus-infested seas of Central '
'Asia. Retrieved November 14, 2018.',
'source_name': 'Securelist Octopus Oct 2018',
'url': 'https://securelist.com/octopus-infested-seas-of-central-asia/88200/'},
{'description': 'Kovacs, E. (2018, October 18). '
'Russia-Linked Hackers Target '
'Diplomatic Entities in Central Asia. '
'Retrieved October 13, 2021.',
'source_name': 'SecurityWeek Nomadic Octopus Oct '
'2018',
'url': 'https://www.securityweek.com/russia-linked-hackers-target-diplomatic-entities-central-asia'},
{'description': 'Paganini, P. (2018, October 16). '
'Russia-linked APT group DustSquad '
'targets diplomatic entities in '
'Central Asia. Retrieved August 24, '
'2021.',
'source_name': 'Security Affairs DustSquad Oct 2018',
'url': 'https://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html'}],
'id': 'intrusion-set--fed4f0a2-4347-4530-b0f5-6dfd49b29172',
'modified': '2025-04-16T20:37:36.955Z',
'name': 'Nomadic Octopus',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'intrusion-set',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_version': '1.0'}