| Category | Details |
|---|---|
| Threat Actors | TAG-110 (a Recorded Future threat activity group designation, assessed to overlap with BlueDelta/APT28/Fancy Bear). |
| Campaign Overview | Russia-linked cyber-espionage targeting human rights groups, private security firms, and state/educational institutions across Central Asia, East Asia, and Europe. |
| Target Regions | Central Asia (Tajikistan, Kyrgyzstan, Turkmenistan, Kazakhstan), East Asia, Europe, Ukraine, India, Israel, and Mongolia. |
| Methodology | Delivered the custom HATVIBE loader via malicious Microsoft Word email attachments, with the CHERRYSPY backdoor as the follow-on payload; also gained initial access by exploiting vulnerable web-facing services. |
| Product Targeted | Not product-specific; the campaign targets organisations (human rights groups, private security firms, state and educational institutions) rather than a particular software product. |
| Malware Reference | HATVIBE (custom HTML Application loader) and CHERRYSPY (Python backdoor). |
| Tools Used | Weaponised Microsoft Word attachments; exploitation of vulnerable web-facing services (no specific tooling is named in the source). |
| Vulnerabilities Exploited | Vulnerabilities in web-facing services; no CVEs are named in the source. |
| TTPs | - Initial Access (T1566.001): spear-phishing with malicious Word attachments. - Initial Access (T1190): exploitation of vulnerable web-facing services. - Persistence and C2: the HATVIBE loader stages the CHERRYSPY backdoor; the source does not detail the persistence mechanism. |
| Attribution | Likely linked to Russia's GRU through the overlap with APT28/BlueDelta/Fancy Bear. |
| Recommendations | - Strengthen email security (attachment sandboxing, blocking or restricting Office macros) and user awareness training. - Inventory and patch web-facing services promptly, since they were used for initial access. - Track TAG-110 indicators through threat intelligence feeds. - Deploy EDR and alert on Office applications spawning script or command hosts. |
| Source | The Record |
Read full article: https://therecord.media/central-asia-cyber-espionage-tag-110-russia
Disclaimer: The above summary has been generated by an AI language model.
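The delivery chain above (a Word attachment that drops a loader) is exactly what EDR-style process-lineage detection is meant to catch. The following is an added example, not code from the article or from any vendor product: it runs a simple Office-parent/suspicious-child rule over a handful of constructed process-creation records. The log format (pipe-separated fields), host names, paths and command lines are all made up for illustration; the rule logic, not the data, is the point.

```python
"""Flag Office applications spawning script or command hosts.

Added example: the record format and sample events below are constructed
for illustration and are not from the article or any real telemetry.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Office applications whose child processes we scrutinise (lower-case basenames).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Script and living-off-the-land hosts that a document should essentially never launch.
SUSPICIOUS_CHILDREN = {
    "mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe",
    "cmd.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Known-benign children of Office (print helper, browsers for clicked links) to limit noise.
BENIGN_CHILDREN = {"splwow64.exe", "msedge.exe", "chrome.exe", "firefox.exe"}

# Command-line features that raise the score: user-writable paths, encoded/hidden PowerShell, URLs.
RISKY_CMDLINE = [
    (re.compile(r"\\AppData\\", re.I), "payload under AppData"),
    (re.compile(r"\\Temp\\", re.I), "payload under Temp"),
    (re.compile(r"(^|\s)-(e|enc|encodedcommand)\b", re.I), "encoded PowerShell"),
    (re.compile(r"(^|\s)-w(indowstyle)?\s+hidden\b", re.I), "hidden window"),
    (re.compile(r"https?://", re.I), "remote URL in command line"),
]


@dataclass
class ProcessEvent:
    ts: str
    host: str
    parent_image: str
    image: str
    command_line: str


@dataclass
class Finding:
    ts: str
    host: str
    parent: str
    child: str
    score: int
    reasons: List[str]


def basename(path: str) -> str:
    """Return the lower-case file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> Optional[ProcessEvent]:
    """Parse one constructed 'ts | host | parent_image | image | command_line' record."""
    parts = [p.strip() for p in line.split(" | ", 4)]
    if len(parts) != 5:
        return None  # malformed record: skip rather than crash the pipeline
    return ProcessEvent(*parts)


def evaluate(ev: ProcessEvent) -> Optional[Finding]:
    """Score an event; None means no alert."""
    parent, child = basename(ev.parent_image), basename(ev.image)
    if parent not in OFFICE_PARENTS or child in BENIGN_CHILDREN:
        return None
    score, reasons = 0, []
    if child in SUSPICIOUS_CHILDREN:
        score += 50
        reasons.append(f"{parent} spawned {child}")
    for pattern, why in RISKY_CMDLINE:
        if pattern.search(ev.command_line):
            score += 20
            reasons.append(why)
    return Finding(ev.ts, ev.host, parent, child, score, reasons) if score else None


def hunt(lines: List[str]) -> List[Finding]:
    """Run the rule over raw records and return the findings, highest score first."""
    findings = [f for f in (evaluate(e) for e in map(parse_event, lines) if e) if f]
    return sorted(findings, key=lambda f: f.score, reverse=True)


# Constructed sample telemetry (not real logs). Fields: ts | host | parent_image | image | command_line
SAMPLE_EVENTS = [
    # Word launching mshta on an .hta dropped under Temp: the shape an HTA-style loader produces
    r"2024-11-20T09:14:03Z | WS-0412 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | C:\Windows\System32\mshta.exe | mshta.exe C:\Users\a.user\AppData\Local\Temp\report.hta",
    # Excel launching hidden, encoded PowerShell
    r"2024-11-20T09:31:44Z | WS-0415 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe -w hidden -enc SQBFAFgA",
    # Word printing: benign helper process, must not alert
    r"2024-11-20T09:40:10Z | WS-0412 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | C:\Windows\splwow64.exe | splwow64.exe",
    # Ordinary explorer -> notepad, not an Office parent at all
    r"2024-11-20T09:41:02Z | WS-0418 | C:\Windows\explorer.exe | C:\Windows\System32\notepad.exe | notepad.exe C:\Users\b.user\notes.txt",
    # Malformed record, skipped by the parser
    "garbage line without separators",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.ts} {f.host} score={f.score} {f.parent} -> {f.child}: {', '.join(f.reasons)}")
```

In production the same rule maps onto Sysmon Event ID 4688/Event ID 1 fields (ParentImage, Image, CommandLine); the allowlist of benign children is where most tuning effort goes, and it should be kept short and reviewed, since an attacker who can launch a browser from Word can also abuse it.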


Comments (1)
APT28's 2024 Cyber Operations: A Comprehensive Roundup - Osint10x says:
December 28, 2024 at 5:47 pm
[…] APT28, also known as Fancy Bear, Sofacy, or Forest Blizzard, has been a popular name in the world of cyber-espionage for nearly two decades. This Russian state-sponsored Advanced Persistent Threat (APT) group, affiliated with the GRU (Russian military intelligence), is synonymous with sophistication, adaptability, and geopolitical influence. Active since at least the mid-2000s, APT28 has consistently targeted governments, militaries, media, and critical infrastructure worldwide, using sophisticated malware and exploiting vulnerabilities to achieve its objectives. […]