
Dozens of Central Asian targets hit in recent Russia-linked cyber-espionage campaign

Category: Details

Threat Actors: TAG-110 (linked to BlueDelta/APT28/Fancy Bear).

Campaign Overview: Russia-linked cyber-espionage targeting human rights groups, private security firms, and state/educational institutions across Central Asia, East Asia, and Europe.

Target Regions: Central Asia (Tajikistan, Kyrgyzstan, Turkmenistan, Kazakhstan), East Asia, Europe, Ukraine, India, Israel, and Mongolia.

Methodology: Delivered custom malware via malicious Microsoft Word email attachments and exploited vulnerable web-facing services.

Product Targeted: Not product-specific; targets human rights, private security, state, and educational systems.

Malware Reference: Hatvibe loader and Cherryspy backdoor.

Tools Used: Malicious email attachments (Microsoft Word), exploitation of vulnerable web services.

Vulnerabilities Exploited: Specific vulnerabilities in web-facing services (not detailed).

TTPs:
  – Initial Access (T1566.001): Spear-phishing via malicious documents.
  – Persistence (T1547): Malware loaders and backdoors.
  – Exploitation of vulnerable services.

Attribution: Likely linked to Russia’s GRU via APT28/BlueDelta/Fancy Bear.

Recommendations:
  – Strengthen email security and user training.
  – Patch web-facing services promptly.
  – Use threat intelligence feeds to monitor TAG-110 activities.
  – Deploy EDR solutions.

Source: The Record

Read full article: https://therecord.media/central-asia-cyber-espionage-tag-110-russia

Disclaimer: The above summary has been generated by an AI language model.

Source: The Record

Published on: November 21, 2024

Comments (1)

  • APT28's 2024 Cyber Operations: A Comprehensive Roundup - Osint10x says:

    December 28, 2024 at 5:47 pm

    […] APT28, also known as Fancy Bear, Sofacy, or Forest Blizzard, has been a popular name in the world of cyber-espionage for nearly two decades. This Russian state-sponsored Advanced Persistent Threat (APT) group, affiliated with the GRU (Russian military intelligence), is synonymous with sophistication, adaptability, and geopolitical influence. Active since at least the mid-2000s, APT28 has consistently targeted governments, militaries, media, and critical infrastructure worldwide, using sophisticated malware and exploiting vulnerabilities to achieve its objectives. […]
