Summary: Security researchers have uncovered a cyber espionage campaign known as the “Double-Tap Campaign,” linked to Russia’s APT28, targeting intelligence collection in Central Asia, particularly Kazakhstan. The campaign utilizes legitimate documents as spearphishing bait, showcasing a sophisticated infection chain involving advanced malware techniques.

Threat Actor: UAC-0063 | APT28
Victim: Kazakhstan | Kazakhstan

Key Point :

• The campaign employs a “Double-Tap” technique, using two malicious Word documents to execute commands and deploy the HATVIBE backdoor.
• Malware strains involved include HATVIBE, a stealthy backdoor, and CHERRYSPY, a more complex Python backdoor enhancing espionage capabilities.
• Documents used in the campaign were verified as authentic, indicating a high level of sophistication in the spearphishing strategy.
• The operation aligns with Russia’s strategic interests in maintaining influence over Kazakhstan amid its growing ties with Western nations.