
Researchers have uncovered an active cyber-espionage campaign believed to be linked to Russia, targeting human rights organisations, private security firms, and state and educational institutions across Central Asia, East Asia, and Europe.
The cyber operations, attributed to a group tracked as TAG-110, have infected over 60 victims since July 2024, primarily in Tajikistan, Kyrgyzstan, Turkmenistan, and Kazakhstan, according to Recorded Future’s Insikt Group. TAG-110 is suspected to have ties to the Russian advanced persistent threat (APT) group BlueDelta, also known as APT28 or Fancy Bear, a cyber-espionage unit associated with Russia’s GRU military intelligence.
TAG-110 employed custom malware such as the Hatvibe loader and the Cherryspy backdoor to infiltrate networks. These malicious tools were delivered via compromised Microsoft Word attachments and exploited vulnerabilities in exposed online services, researchers said.
“Like other recent Russian cyber campaigns, TAG-110 likely aims to gather intelligence to support Russia’s military operations in Ukraine and to monitor geopolitical developments in neighbouring countries,” Insikt Group reported.
Central Asia has emerged as a focus for Russian cyber operations, reflecting growing tensions in the region. Analysts suggest that deteriorating relations between Moscow and its neighbours, exacerbated by the ongoing conflict in Ukraine, are driving intelligence-gathering efforts.
TAG-110’s activities date back to at least 2021 and have expanded beyond Central Asia, with targets in India, Israel, Mongolia, and Ukraine. The group is also suspected of aiding Russian espionage operations in allied nations, with researchers anticipating continued focus on post-Soviet states and Ukraine’s partners.
APT28, known for high-profile attacks on Ukraine and its allies, has previously targeted Germany’s Social Democratic Party and Polish government institutions. TAG-110’s campaigns appear to align with broader Russian state objectives, emphasising the persistent threat posed by Kremlin-backed cyber actors.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd.