Threat Intelligence

Trojanized Word files harnessed in new Russian cyberespionage campaign

Malicious Word .Doc delivers triad of malware pain

Attacks with macro-enabled Microsoft Word template files have been deployed by Russian hacking operation TAG-110, also known as UAC-0063, as part of a new spear-phishing campaign against Tajikistan since January, according to The Hacker News.

TAG-110 distributed malicious emails with Tajikistan government-themed files containing a VBA macro that places a document template in the Microsoft Word startup folder, enabling command-and-control communications and further VBA code execution, a report from Recorded Future's Insikt Group showed. Additional details regarding the second-stage payloads launched in the attack campaign remain uncertain. However, TAG-110 most likely spread the HATVIBE, LOGPIE, or CHERRYSPY payloads, as well as a novel cyberespionage-focused malware.

Such findings, which come after TAG-110 was linked to Russian state-backed threat group APT28, were noted by researchers to indicate a shift in tactics for the hacking gang, which previously tapped HTA-embedded attachments in spear-phishing attacks spreading HATVIBE. "These cyberespionage operations likely aim to gather intelligence for influencing regional politics or security, particularly during sensitive events like elections or geopolitical tensions," researchers added.
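For defenders, the startup-folder persistence described above can be checked by listing macro-bearing templates in that folder. The following is an added example, not code from the Insikt Group report or the article; the default folder path, the file names in the constructed sample, and the byte-search heuristic for legacy `.dot` files are assumptions.

```python
import os
import tempfile
import zipfile
from pathlib import Path

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.dot container header
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # OLE stream name used by VBA projects
TEMPLATE_EXTS = {".dot", ".dotm", ".dotx"}


def has_vba(path: Path) -> bool:
    """True if the file carries a VBA project (OOXML part or OLE stream)."""
    data = path.read_bytes()
    if data.startswith(OLE_MAGIC):
        return VBA_MARKER in data                # heuristic: raw search for the stream name
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    return False


def audit_startup(folder: Path) -> list[str]:
    """Names of Word templates in `folder` that contain macros."""
    return sorted(p.name for p in folder.iterdir()
                  if p.is_file() and p.suffix.lower() in TEMPLATE_EXTS and has_vba(p))


def build_sample(folder: Path) -> None:
    """Constructed sample files: one macro template of each kind, one clean."""
    with zipfile.ZipFile(folder / "report.dotm", "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00")
    with zipfile.ZipFile(folder / "letterhead.dotx", "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
    (folder / "legacy.dot").write_bytes(OLE_MAGIC + b"\x00" * 64 + VBA_MARKER)


def default_startup() -> Path:
    # Assumed default location; Word lets users relocate the startup folder.
    return Path(os.environ.get("APPDATA", "")) / "Microsoft" / "Word" / "STARTUP"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        print("constructed sample:", audit_startup(Path(tmp)))
    if default_startup().is_dir():
        print("local startup folder:", audit_startup(default_startup()))
```

Any hit in a user's startup folder that was not deployed by IT is worth triage, since Word loads templates there on every launch.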
