Russian hackers targeted government and diplomatic institutions in Europe and Central Asia

Bitdefender Labs has issued a warning about a cyber-espionage campaign targeting organizations in Central Asia and Europe by the group UAC-0063, which uses advanced tactics to infiltrate high-value targets, including government and diplomatic entities, reports Itbrief.

Since the Ukraine conflict, Russia's influence in Central Asia has declined, while China has increased its presence, particularly through economic ties and the Belt and Road Initiative. This shift has created opportunities for cyber-espionage, with UAC-0063 exploiting the geopolitical tension to breach government institutions and steal sensitive data. Bitdefender and CERT-UA have observed the group's expansion into targeting embassies in countries like Germany, the UK, the Netherlands, Romania, and Georgia.

UAC-0063 is suspected of being linked to the Russian cyber-espionage group APT28, though the evidence remains inconclusive.

"There is a moderate confidence assessment by CERT-UA that UAC-0063 is linked to the Russian cyber-espionage group APT28 (BlueDelta). However, the specific basis for this assessment remains unclear," Bitdefender Labs pointed out, acknowledging overlapping interests but not confirmed attribution.

The group gains initial access through compromised Microsoft Word documents carrying the HATVIBE malware, often delivered via Kazakh embassy websites, and relies on social engineering to get victims to enable the malicious macros.

UAC-0063 employs tools such as PyPlunderPlug and DownExPyer for data theft and maintains active infrastructure, suggesting ongoing operations. The campaign has extended into European countries.

Bitdefender stresses the importance of a multi-layered defense system to counter such sophisticated threats. They highlight the need for strong prevention, detection, and response strategies to protect against attackers like UAC-0063. While the group's activities align with potential Russian interests, attribution remains uncertain.
