
Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware


Summary (category: details)

Threat Actors: UAC-0063, linked to APT28 (the Russian GRU-affiliated group also known as Fancy Bear, Sednit, and other aliases)
Campaign Overview: Cyber espionage campaign targeting Kazakhstan; spear-phishing with Microsoft Office documents used to deploy the HATVIBE and CHERRYSPY malware
Target Regions: Kazakhstan, Central Asia, East Asia, Eastern Europe
Methodology: Spear-phishing emails carrying malicious Microsoft Office documents; a multi-stage infection chain ("Double-Tap"); an HTA file delivering the VBS backdoor HATVIBE; the Python backdoor CHERRYSPY
Product Targeted: Microsoft Office documents (weaponized for malware delivery)
Malware Reference: HATVIBE (loader), CHERRYSPY (Python backdoor), other malware associated with APT28
Tools Used: Legitimate-looking Microsoft Office documents, HTA files, VBS scripts, mshta.exe, scheduled tasks, the document's settings.xml file
Vulnerabilities Exploited: Not specified; likely related to document macros and file execution rather than a named vulnerability
TTPs: Spear-phishing; macro-based malware execution; anti-emulation; obfuscation (e.g. storing malicious code in settings.xml, executing via mshta.exe, creating a scheduled task without invoking schtasks.exe)
Attribution: UAC-0063 attributed to APT28 (Russia-linked) based on malware overlap and shared attack techniques
Recommendations: Strengthen email security, handle macros securely, and monitor for unusual file execution and scheduled-task creation
Source: The Hacker News
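The TTPs and recommendations above suggest two simple host-based checks. The following is an added detection example, not code from the article or from the summary; it runs over constructed process-creation and task-creation events, and the field names (event_id, image, parent_image, cmdline, task_name) are assumptions modelled loosely on Sysmon event 1 and an enriched Security event 4698 that records the creating process.

```python
"""Added example: flag two TTPs named in the summary above over sample events.
(1) mshta.exe launched by a Microsoft Office process (HTA stage of the chain).
(2) A scheduled task registered by a process other than schtasks.exe.
Field names are assumptions, not a real vendor schema."""
from typing import Dict, List

# Office hosts that should not normally spawn mshta.exe
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}


def _basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events: List[Dict]) -> List[str]:
    """Return one finding string per suspicious event, in input order."""
    findings = []
    for ev in events:
        image = _basename(ev.get("image", ""))
        parent = _basename(ev.get("parent_image", ""))
        # Check 1: Office document handing off to mshta.exe
        if ev.get("event_id") == 1 and image == "mshta.exe" and parent in OFFICE_PARENTS:
            findings.append(f"office-spawned-mshta: {parent} -> {image} ({ev.get('cmdline', '')})")
        # Check 2: task registration not performed by schtasks.exe
        if ev.get("event_id") == 4698 and image != "schtasks.exe":
            findings.append(f"task-created-without-schtasks: {ev.get('task_name')} by {image}")
    return findings


# Constructed sample events (not real telemetry); paths are illustrative.
SAMPLE_EVENTS = [
    {"event_id": 1, "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r"mshta.exe C:\Users\u\AppData\Local\Temp\update.hta"},
    {"event_id": 1, "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "mshta.exe help.hta"},
    {"event_id": 4698, "image": r"C:\Windows\System32\mshta.exe",
     "task_name": r"\Microsoft\Windows\Update"},
    {"event_id": 4698, "image": r"C:\Windows\System32\schtasks.exe",
     "task_name": r"\Backup"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Only the Office-spawned mshta.exe event and the task registered by mshta.exe are reported; the explorer.exe-launched HTA and the schtasks.exe-created task pass as benign.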

Read full article: https://thehackernews.com/2025/01/russian-linked-hackers-target.html

The above summary was generated by an AI language model.


Published on: January 14, 2025
