Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
Jan. 14, 2025, 8:46 a.m.
Description
A cyber espionage campaign targeting Central Asian countries, particularly Kazakhstan's external relations, has been uncovered. The campaign, attributed to the Russia-aligned intrusion set UAC-0063, uses a sophisticated infection chain called Double-Tap to deliver the HATVIBE and CHERRYSPY malware. The attackers weaponized legitimate documents from Kazakhstan's Ministry of Foreign Affairs, focusing on diplomatic and economic topics. This operation aims to gather strategic intelligence on Kazakhstan's relations with Western and Central Asian countries, likely to preserve Russia's influence in the region. Technical similarities with APT28-related Zebrocy campaigns suggest a possible connection to Russian intelligence services. The campaign highlights Russia's efforts to maintain its strategic foothold in Central Asia amidst Kazakhstan's growing ties with Western states and China.
Date
Published: Jan. 13, 2025, 4:41 p.m.
Created: Jan. 13, 2025, 4:41 p.m.
Modified: Jan. 14, 2025, 8:46 a.m.
Indicators
apt_UAC0063_HATVIBE_loader_deobfuscated_VBA
apt_UAC0063_HATVIBE_loader_obfuscated_VBA
lookup.ink
download-resourses.info
background-services.net
Attack Patterns
CHERRYSPY
HATVIBE
UAC-0063
T1132.001
T1053.005
T1059.005
T1547.001
T1071.001
T1204.002
T1105
T1036
T1140
T1027
T1112
Additional Information
Government
Turkmenistan
Mongolia
Afghanistan
Kyrgyzstan
Tajikistan
Uzbekistan
Belgium
Germany
Kazakhstan