from Joker@sh.itjust.works to cybersecurity@infosec.pub on 22 Nov 00:24
https://sh.itjust.works/post/28443344
Summary
Insikt Group has identified an ongoing cyber-espionage campaign conducted by TAG-110, a Russia-aligned threat group targeting organizations in Central Asia, East Asia, and Europe. Using custom malware tools HATVIBE and CHERRYSPY, TAG-110 primarily attacks government entities, human rights groups, and educational institutions. The campaign’s tactics align with the historical activities of UAC-0063, attributed to Russian APT group BlueDelta (APT28). HATVIBE functions as a loader to deploy CHERRYSPY, a Python backdoor used for data exfiltration and espionage. Initial access is often achieved through phishing emails or exploiting vulnerable web-facing services like Rejetto HTTP File Server.
TAG-110’s efforts are likely part of a broader Russian strategy to gather intelligence on geopolitical developments and maintain influence in post-Soviet states. Insikt Group provides actionable insights, including indicators of compromise and Snort and YARA rules, to help organizations.