Specialists from Recorded Future's Insikt Group discovered that since July 2023, a hacker group known as TAG-110 has targeted dozens of entities in Central Asia, including human rights organizations, private security companies, and government and educational institutions, as reported by The Record.
The attacks were carried out using specialized malware, including the Hatvibe loader and the Cherryspy backdoor, to infect the victims' systems.
Notably, these attacks are linked to the group BlueDelta, also known as APT28 or Fancy Bear, which has previously been involved in a number of major cyberattacks associated with the Russian government. Experts believe that TAG-110 is acting in the interests of Russian military intelligence (GRU), seeking to gather intelligence to support Russia's military efforts, particularly to aid in the conflict with Ukraine and monitor geopolitical events in neighboring countries.
The cyber espionage campaign primarily affected Tajikistan, Kyrgyzstan, Turkmenistan, and Kazakhstan, but attacks have also been recorded in other countries, including India, Israel, Mongolia, and Ukraine. Malicious email attachments and vulnerabilities in web services were used to deliver the malware to the target systems. Analysts are confident that the TAG-110 campaigns will continue and are likely to target Central Asian countries, Ukraine, and Ukraine's allies in the future.