| Category | Details |
|---|---|
| Threat Actors | TAG-110 (linked to BlueDelta/APT28/Fancy Bear). |
| Campaign Overview | Russia-linked cyber-espionage targeting human rights groups, private security firms, and state and educational institutions across Central Asia, East Asia, and Europe. |
| Target Regions | Central Asia (Tajikistan, Kyrgyzstan, Turkmenistan, Kazakhstan), East Asia, Europe, Ukraine, India, Israel, and Mongolia. |
| Methodology | Delivered custom malware via malicious Microsoft Word email attachments and exploited vulnerable web-facing services for initial access. |
| Product Targeted | Not product-specific; targets human rights, private security, state, and educational organisations. |
| Malware Reference | HATVIBE (custom HTML Application loader) and CHERRYSPY (Python backdoor). |
| Tools Used | Malicious Microsoft Word email attachments; exploitation of vulnerable web-facing services. |
| Vulnerabilities Exploited | The source does not name specific CVEs; unpatched web-facing services were exploited. |
| TTPs | Initial Access: Spearphishing Attachment (T1566.001) using malicious Word documents; Initial Access: Exploit Public-Facing Application (T1190) against vulnerable web services; Persistence: Boot or Logon Autostart Execution (T1547) established by the loader and backdoor. |
| Attribution | Likely linked to Russia's GRU via APT28/BlueDelta/Fancy Bear. |
| Recommendations | Strengthen email security (filter and sandbox Office attachments) and user awareness training; patch web-facing services promptly; use threat intelligence feeds to monitor TAG-110 activity; deploy EDR on endpoints. |
| Source | The Record |
Read full article: https://therecord.media/central-asia-cyber-espionage-tag-110-russia
Disclaimer: The above summary has been generated by an AI language model.
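The campaign's initial-access vector is a Microsoft Word attachment, and the first recommendation is to strengthen email security. The script below, an added example that is not from the original article or from any Recorded Future or CERT-UA tooling, shows the kind of attachment triage a mail gateway or SOC script can perform with the Python standard library alone: it identifies Word documents by their container magic bytes rather than by file name, flags macro-enabled documents (a `vbaProject.bin` inside the OOXML ZIP), and flags attachments whose extension does not match their real format. The sample message, sender addresses and file names are constructed for the example; the loader and backdoor named in the summary are not modelled here.

```python
"""Triage Word attachments in an e-mail message (added example, not from the article).

Identifies Word-style documents by magic bytes, then flags the cases that
warrant quarantine or sandbox detonation: macro-enabled documents and
attachments whose file extension disagrees with their real container format.
"""
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc (Compound File Binary)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML .docx/.docm are ZIP containers
RTF_MAGIC = b"{\\rtf"                              # RTF is often disguised with a .doc name

# Container format each Word extension is expected to carry.
EXPECTED_FORMAT = {".doc": "ole", ".dot": "ole", ".docx": "ooxml", ".docm": "ooxml",
                   ".dotx": "ooxml", ".dotm": "ooxml", ".rtf": "rtf"}


def classify_bytes(data: bytes) -> str:
    """Return the container format actually present in the attachment bytes."""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "ooxml"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"


def ooxml_has_macros(data: bytes) -> bool:
    """True when an OOXML container carries a VBA project (word/vbaProject.bin)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_word_attachments(raw_message: bytes) -> list:
    """Return one finding dict per Word-like attachment in an RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        data = part.get_payload(decode=True) or b""
        fmt = classify_bytes(data)
        if ext not in EXPECTED_FORMAT and fmt == "unknown":
            continue  # neither named nor shaped like a Word document; out of scope here
        reasons = []
        expected = EXPECTED_FORMAT.get(ext)
        if expected and fmt != expected:
            reasons.append(f"extension {ext} does not match content format {fmt}")
        if ext in (".docm", ".dotm") or (fmt == "ooxml" and ooxml_has_macros(data)):
            reasons.append("macro-enabled document")
        findings.append({"filename": name, "format": fmt,
                         "reasons": reasons, "suspicious": bool(reasons)})
    return findings


def build_sample_message() -> bytes:
    """Constructed test message: a clean .docx, a macro-carrying .docx, and an RTF named .doc."""
    def ooxml(with_macro: bool) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("[Content_Types].xml", "<Types/>")
            zf.writestr("word/document.xml", "<w:document/>")
            if with_macro:
                zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # stand-in VBA project
        return buf.getvalue()

    docx_type = "vnd.openxmlformats-officedocument.wordprocessingml.document"
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"       # constructed address
    msg["To"] = "analyst@example.invalid"        # constructed address
    msg["Subject"] = "Documents for review"
    msg.set_content("See attached.")
    msg.add_attachment(ooxml(False), maintype="application", subtype=docx_type,
                       filename="agenda.docx")
    msg.add_attachment(ooxml(True), maintype="application", subtype=docx_type,
                       filename="invitation.docx")
    msg.add_attachment(b"{\\rtf1\\ansi hello}", maintype="application",
                       subtype="msword", filename="report.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_word_attachments(build_sample_message()):
        print(finding)
```

Run as a script it prints three findings: the clean `agenda.docx` is not suspicious, `invitation.docx` is flagged as macro-enabled despite its non-macro extension, and `report.doc` is flagged because its bytes are RTF rather than an OLE document. Magic-byte classification matters because an attacker controls the file name and MIME type; a gateway that trusts `.docx` in the name will miss both of the flagged cases.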
Comments (1)
APT28's 2024 Cyber Operations: A Comprehensive Roundup - Osint10x says:
December 28, 2024 at 5:47 pm
[…] APT28, also known as Fancy Bear, Sofacy, or Forest Blizzard, has been a popular name in the world of cyber-espionage for nearly two decades. This Russian state-sponsored Advanced Persistent Threat (APT) group, affiliated with the GRU (Russian military intelligence), is synonymous with sophistication, adaptability, and geopolitical influence. Active since at least the mid-2000s, APT28 has consistently targeted governments, militaries, media, and critical infrastructure worldwide, using sophisticated malware and exploiting vulnerabilities to achieve its objectives. […]