Cyber Espionage Operation Expanding from Central Asia

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

An active cyber-espionage campaign by UAC-0063 is targeting organizations in Central Asia and Europe, including government entities and diplomatic missions. The group exploits previously compromised victims by weaponizing exfiltrated documents to deliver HATVIBE malware. They use sophisticated tools like DownExPyer, PyPlunderPlug, and LOGPIE for data exfiltration and keylogging. The campaign has expanded beyond Central Asia to European countries such as Germany, the UK, the Netherlands, Romania, and Georgia. The group's tactics include initial access through weaponized documents, persistent access via scheduled tasks, and various data collection methods. While there are similarities with APT28, definitive attribution remains uncertain. The ongoing operations and infrastructure maintenance indicate an active and evolving threat.

OPENCTI LABELS:

cyber-espionage, government targets, central asia, hatvibe, downexpyer, weaponized documents, pyplunderplug, logpie


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown on the login page banner.


Cyber Espionage Operation Expanding from Central Asia