Attacks deploying the HATVIBE and CHERRYSPY payloads have been conducted by Russian hacking operation TAG-110, which is associated with the APT28-linked UAC-0063, against up to 62 organizations across Central and East Asia and Europe, particularly government bodies, educational institutions and human rights groups, as part of its intelligence gathering activities, The Hacker News reports.
TAG-110 leveraged vulnerable internet-exposed web apps and phishing emails to deliver the HATVIBE loader, which in turn launches the data-exfiltrating CHERRYSPY backdoor, according to an analysis from Recorded Future's Insikt Group. "TAG-110's efforts are likely part of a broader Russian strategy to gather intelligence on geopolitical developments and maintain influence in post-Soviet states. These regions are significant to Moscow due to strained relations following Russia's invasion of Ukraine," said researchers. The development comes after an earlier Recorded Future report detailed Russia's escalating "sabotage operations" against the West as it seeks to undermine political alliances and military capabilities.