CyberSecurity updates
2025-01-17 16:36:15 Pacific

Russian APT Targets Kazakhstan With HATVIBE Malware - 1d
Read more: blog.sekoia.io

A Russian-linked APT group tracked as UAC-0063 is actively targeting Kazakhstan and other Central Asian countries in a cyber espionage campaign. The group, which has connections to APT28 and Russian GRU cyber activities, relies on spear-phishing with weaponized Microsoft Office documents designed to deploy the HATVIBE and CHERRYSPY malware. The campaign's goal is to gather economic and political intelligence. The Computer Emergency Response Team of Ukraine (CERT-UA) first detailed UAC-0063's activities in early 2023, noting that its targets include government entities across Ukraine, Central Asia, East Asia, and Europe.

The attack chain, dubbed "Double-Tap" by researchers, begins when a user enables a malicious macro in a spear-phishing document. The macro writes a second weaponized document and opens it in a hidden instance of Microsoft Word. That second document then executes a malicious HTA file embedding a VBS backdoor named HATVIBE. HATVIBE acts as a loader, downloading further VBS modules that ultimately deploy a Python backdoor known as CHERRYSPY. These techniques allow the malware to evade security controls and maintain persistence.
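The Double-Tap chain leaves a distinctive process lineage (Word launching a second Word, which launches the HTA stage) that endpoint telemetry can flag before the Python backdoor lands. The following is an added defender-side example, not code from Sekoia or CERT-UA: it walks constructed Sysmon-style process-creation records and reports both the Office-spawns-Office stage and the full Office -> Office -> script-host lineage. The process names mshta.exe (Windows' HTA host), wscript.exe and cscript.exe are assumptions; the page does not name them.

```python
# Added example: flag the Double-Tap lineage (Word -> hidden Word -> HTA host)
# in process-creation telemetry. Not the researchers' own detection logic.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Assumed script hosts: mshta.exe runs HTA files; wscript/cscript run VBS.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}

# Constructed Sysmon-style events (pid, parent pid, image path); not real logs.
EVENTS = [
    (1000, 900, r"C:\Windows\explorer.exe"),
    (1200, 1000, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    (1300, 1200, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    (1400, 1300, r"C:\Windows\System32\mshta.exe"),
    (2100, 1000, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    (2200, 2100, r"C:\Windows\splwow64.exe"),  # benign Word child (print spooler)
]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def build_tree(events):
    image = {pid: basename(img) for pid, _, img in events}
    parent = {pid: ppid for pid, ppid, _ in events}
    return image, parent

def ancestry(pid, image, parent):
    """Image names from the oldest known ancestor down to pid."""
    chain = []
    while pid in image:
        chain.append(image[pid])
        pid = parent[pid]
    return chain[::-1]

def office_spawns_office(events):
    """Stage 1: an Office process launching another Office process (the macro
    opening its dropped document in a hidden Word instance)."""
    image, parent = build_tree(events)
    return sorted((parent[p], p) for p in image
                  if image[p] in OFFICE and image.get(parent[p]) in OFFICE)

def find_double_tap(events):
    """Stage 2: a script host whose two nearest ancestors are both Office
    processes, i.e. the full Office -> Office -> HTA/VBS host lineage."""
    image, parent = build_tree(events)
    hits = []
    for pid in image:
        if image[pid] in SCRIPT_HOSTS:
            chain = ancestry(pid, image, parent)
            if len(chain) >= 3 and chain[-2] in OFFICE and chain[-3] in OFFICE:
                hits.append(chain)
    return hits

if __name__ == "__main__":
    print(office_spawns_office(EVENTS))  # [(1200, 1300)]
    print(find_double_tap(EVENTS))
```

The stage-1 check fires as soon as the hidden Word instance starts, so it catches the chain even if the HTA stage is blocked or renamed; the benign splwow64.exe child shows that ordinary Word children are not flagged.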