Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
A cyber espionage campaign targeting Central Asian countries, particularly Kazakhstan's external relations, has been uncovered. The campaign, attributed to the Russia-aligned intrusion set UAC-0063, uses a sophisticated infection chain called Double-Tap to deliver the HATVIBE and CHERRYSPY malware. The attackers weaponized legitimate documents from Kazakhstan's Ministry of Foreign Affairs, focusing on diplomatic and economic topics. This operation aims to gather strategic intelligence on Kazakhstan's relations with Western and Central Asian countries, likely to preserve Russia's influence in the region. Technical similarities with APT28-related Zebrocy campaigns suggest a possible connection to Russian intelligence services. The campaign highlights Russia's efforts to maintain its strategic foothold in Central Asia amidst Kazakhstan's growing ties with Western states and China.
OPENCTI LABELS:
apt28, cyber espionage, cherryspy, diplomatic, central asia, double-tap, hatvibe, kazakhstan