An extensive cyber-espionage campaign, attributed to the Russia-linked group known as TAG-110, has been actively targeting human rights organizations, security firms, and state and educational institutions across Central Asia, East Asia, and Europe. This campaign has utilized sophisticated malware to infiltrate and gather intelligence from these entities.
Campaign Overview
The Insikt Group, a part of Recorded Future, has tracked over 60 unique victims of TAG-110 since July, predominantly in Tajikistan, Kyrgyzstan, Turkmenistan, and Kazakhstan. Notably, the campaign employs the Hatvibe loader and Cherryspy backdoor delivered through malicious Microsoft Word email attachments and exploits in web-facing services.
Connection to Russian Intelligence
TAG-110 is believed to be a facet of the notorious BlueDelta group, also known as APT28 or Fancy Bear, which operates under the direction of Russia’s GRU military intelligence. This group’s activities are part of broader Russian efforts to bolster military intelligence amidst ongoing tensions in Ukraine and strained relations with neighboring countries.
Broader Impact and Future Expectations
Beyond Central Asia, TAG-110 has targeted entities in India, Israel, Mongolia, and Ukraine, reflecting a strategic interest in these regions’ geopolitical dynamics. Experts predict that TAG-110 will continue its espionage activities, focusing on post-Soviet states, Ukraine, and its allies in the foreseeable future.
Conclusion
The persistence of TAG-110’s activities underscores the continuing cybersecurity threats posed by state-sponsored actors. This campaign highlights the need for increased vigilance and enhanced security measures by targeted states and institutions to counter these sophisticated espionage efforts.

