Central Asian government organizations have been targeted in a highly targeted and sophisticated espionage campaign, leveraging a new strain of malware dubbed "DownEx," which is used to exfiltrate files to a command-and-control server. Bitdefender detected the malware, with evidence pointing towards Russian threat actors. The attacks were found to employ a variety of custom tools, including C/C++-based binaries and a Python script. The campaign is believed to use spear-phishing emails bearing a booby-trapped payload to gain initial access to networks.