Summary: A Russian-linked hacking group is using legitimate Kazakhstan government documents as phishing lures to deploy malware and spy on officials in Central Asia. This campaign, identified as “Double-Tap,” involves sophisticated malware techniques and targets multiple nations in the region.
Threat Actor: APT 28 (Fancy Bear)
Victim: Kazakhstan Government
Key Points:
- The hacking group is leveraging seemingly legitimate documents to infect and spy on government officials.
- Malware used in the campaign includes HATVIBE and CHERRYSPY, which provide persistent backdoor access.
- The campaign is linked to previous cyber operations targeting Central Asian governments and diplomatic entities.
- Researchers suggest that the documents may have been obtained through prior cyber operations or physical theft.
- Russia aims to maintain political alignment with Kazakhstan amid its shifting international relations.
Source: https://cyberscoop.com/fancy-bear-kazakhstan-russia-sekoia/