Hackers with likely Kremlin ties target Kazakhstan in espionage campaign

| Category | Details |
| --- | --- |
| Threat Actors | UAC-0063 (linked to APT28/Fancy Bear/BlueDelta, tied to Russian GRU) |
| Campaign Overview | Cyber-espionage targeting diplomatic entities in Kazakhstan and other Central Asian countries to gather political and economic intelligence. |
| Target Regions | Kazakhstan, Kyrgyzstan, Tajikistan, Ukraine, Israel, India |
| Methodology | Use of legitimate documents (correspondence, drafts, administrative notes) as phishing lures to deliver malware. |
| Product Targeted | Diplomatic, nonprofit, academic, energy, and defense entities. |
| Malware Reference | Cherryspy (Python backdoor), Hatvibe (backdoor for downloading additional files). |
| Tools Used | Legitimate documents, malware (Cherryspy, Hatvibe), command-and-control server, open-source collection. |
| Vulnerabilities Exploited | Not explicitly mentioned, but emphasis on bypassing security solutions. |
| TTPs | Use of spear-phishing with legitimate documents, malware deployment, bypassing security measures, targeting diplomatic entities. |
| Attribution | UAC-0063, attributed with medium confidence to APT28 (Russian GRU). |
| Recommendations | Strengthen security measures against spear-phishing and malware attacks, monitor foreign relations closely, enhance intelligence gathering. |
| Source | The Record |

Read full article: https://therecord.media/hackers-kremlin-kazakhstan-espionage-campaign

The above summary has been generated by an AI language model

Source: The Record

Published on: January 14, 2025
