Summary: Security researchers have uncovered a cyber espionage campaign known as the “Double-Tap Campaign,” linked to Russia’s APT28 and aimed at intelligence collection in Central Asia, particularly Kazakhstan. The campaign uses legitimate documents as spearphishing bait and relies on a sophisticated infection chain built on advanced malware techniques.
Threat Actor: UAC-0063 | APT28
Victim: Kazakhstan
Key Points:
- The campaign employs a “Double-Tap” technique, using two malicious Word documents to execute commands and deploy the HATVIBE backdoor.
- Malware strains involved include HATVIBE, a stealthy backdoor, and CHERRYSPY, a more complex Python backdoor enhancing espionage capabilities.
- Documents used in the campaign were verified as authentic, indicating a high level of sophistication in the spearphishing strategy.
- The operation aligns with Russia’s strategic interests in maintaining influence over Kazakhstan amid its growing ties with Western nations.
Source: https://securityonline.info/apt28s-new-espionage-campaign-uses-double-tap-infection-chain/