Summary: A suspected Russia-nexus threat actor, UAC-0063, which is linked to the notorious APT28 group, has been conducting spear-phishing attacks targeting diplomatic entities in Kazakhstan. These operations aim to collect intelligence from various organizations in Eastern Europe and Central Asia, particularly in the context of Kazakhstan’s evolving diplomatic relations. The latest campaign involves malicious documents that exploit Microsoft Word macros to deploy backdoors for remote code execution.
Threat Actor: UAC-0063
Victim: Kazakhstan
Key points:
- UAC-0063 has been active since at least 2021 and is associated with APT28, known for high-profile cyber attacks.
- The phishing campaign uses legitimate-looking documents to trick users into enabling macros, which then execute malicious code.
- This cyber espionage effort aligns with Russia’s strategic interests in monitoring Kazakhstan’s diplomatic engagements, especially amid its distancing from Russia.