Central Asian diplomatic entities have been targeted in an ongoing cyberespionage campaign by the hacking group UAC-0063, which has been linked to the Russian state-backed threat operation APT28, according to The Record, a news site by cybersecurity firm Recorded Future. UAC-0063 used trojanized legitimate documents from Kazakhstan's Ministry of Foreign Affairs, covering the country's diplomatic cooperation with other nations between 2021 and 2024, to distribute the Hatvibe and Cherryspy payloads, a report from Sekoia revealed. While both malware strains had already been used in older cyberespionage intrusions against Ukraine and Asia, UAC-0063's attacks have been primarily focused on circumventing detection by security systems. "The objective of this partially uncovered campaign is likely to gather strategic and economic intelligence on Kazakhstan's relations with Western and Central Asian countries, aiming to preserve Russia's influence in a region historically within its sphere of control," said researchers.
Threat Intelligence, Phishing, Malware
New APT28-linked cyberespionage campaign aimed at Central Asia
