Russian Cyberespionage Group Hit 60 Victims in Asia, Europe

A Russia-linked cyberespionage group has made over 60 victims in Asia and Europe, mainly in the government, human rights, and education sectors, Recorded Future reports.

Initially identified in May 2023 and tracked as TAG-110, the threat actor’s activity overlaps that of UAC-0063, which Ukraine’s CERT team has linked to Russian state-sponsored advanced persistent threat (APT) actor APT28 (also known as BlueDelta, Fancy Bear, Forrest Blizzard, Sednit, and Sofacy).

TAG-110 has been active since at least 2021, targeting government, education, and research entities in Central Asia, India, Israel, Mongolia, and Ukraine with malware such as HatVibe, CherrySpy, LogPie, and StillArch.

As part of the ongoing cyberespionage campaign uncovered by Recorded Future, the threat actor was seen deploying HatVibe and CherrySpy against entities in Tajikistan, Kyrgyzstan, Turkmenistan, and Kazakhstan, with additional victims in Armenia, China, India, Greece, Ukraine, Uzbekistan, and Hungary.

Since July 2024, Recorded Future identified 62 unique TAG-110 ...