Summary: Researchers have uncovered a cyber-espionage campaign linked to the Kremlin-backed threat actor APT28, targeting diplomatic entities in Central Asia to gather economic and political intelligence. The group, known as UAC-0063, has been active since 2021 and has previously targeted various sectors in multiple countries, including Kazakhstan.
Threat Actor: APT28
Victim: Diplomatic entities in Central Asia
Key Points:
- UAC-0063 has targeted diplomatic, nonprofit, academic, and defense entities in various countries.
- The hackers used legitimate documents from Kazakhstan’s Ministry of Foreign Affairs to deliver malware.
- Malware strains Cherryspy and Hatvibe were utilized in this campaign, focusing on bypassing security measures.
- The campaign aims to gather strategic intelligence on Kazakhstan’s foreign relations to maintain Russian influence in the region.
Source: https://therecord.media/hackers-kremlin-kazakhstan-espionage-campaign