Russia-Linked Hacker Group TAG-110 Hits 60+ Targets Across Asia and Europe in Espionage Blitz
A cyberespionage group with suspected ties to Russia has been linked to over 60 incidents targeting organizations across Asia and Europe, particularly in government, education, and human rights sectors, according to a report by Recorded Future.
Known as TAG-110, the group was first identified in May 2023 and shares similarities with UAC-0063, which Ukraine’s CERT team attributes to the Russian state-sponsored APT group APT28 (also referred to as Fancy Bear, BlueDelta, and Sofacy). However, evidence suggests TAG-110 has been active since at least 2021, focusing on entities in Central Asia, India, Israel, Mongolia, and Ukraine.
Recent campaigns by TAG-110, uncovered by Recorded Future, deployed malware like HatVibe and CherrySpy against targets in Tajikistan, Kyrgyzstan, Turkmenistan, and Kazakhstan, as well as victims in countries such as Armenia, China, Greece, and Hungary. High-profile targets included Kazakhstan’s KMG-Security, an educational institution in Tajikistan, and Uzbekistan’s National Center for Human Rights.
TAG-110 employs sophisticated tactics, including malicious email attachments and the exploitation of vulnerable internet-facing services such as Rejetto HTTP File Server. HatVibe, a custom HTML Application (HTA) loader introduced in 2023, facilitates the execution of commands from the group’s command-and-control (C&C) servers. Meanwhile, CherrySpy, a Python-based backdoor, ensures persistence and enables continuous monitoring and data exfiltration.
Recorded Future notes that TAG-110’s activities align with Russia’s geopolitical interests, particularly in maintaining influence in Central Asia. Intelligence gathered likely supports Moscow’s military and strategic objectives, reinforcing its regional presence amidst global tensions.