A recent cyber-espionage campaign by Russia-aligned threat actor TAG-110 targets Tajikistan’s public sector using sophisticated macro-enabled Word templates. The campaign aims to gather intelligence on government and research institutions and reflects TAG-110’s evolving tactics in support of Russia’s strategic interests in Central Asia. #TAG-110 #APT28
Key points
- TAG-110 is deploying macro-enabled Word templates to establish persistent access to target systems.
- The campaign focuses on collecting intelligence from Tajikistan’s government, military, and research sectors.
- Macros use VBA code to gather system information, maintain persistence, and communicate with command-and-control servers.
- Organizations are advised to monitor Word startup folders, disable macros, and strengthen registry permissions for protection.
- The evolving tactics of TAG-110 reflect ongoing efforts to support Russia’s regional strategic interests in Central Asia.
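
The Word startup folder check advised in the key points, as an added example that is not part of the original report: it lists the templates in a folder and flags those whose OOXML package contains a VBA project part. The default startup path, the function names and the sample files are assumptions constructed for illustration.

```python
import os, tempfile, zipfile
from pathlib import Path

# Template types Word loads automatically from its startup folder.
TEMPLATE_EXTS = {".dotm", ".dotx", ".dot"}

def default_startup_dir():
    # Assumed default per-user location; the path is configurable in Word,
    # so confirm it for your environment before relying on it.
    return Path(os.environ.get("APPDATA", "")) / "Microsoft" / "Word" / "STARTUP"

def has_vba_project(path):
    """True/False for OOXML files; None when the file is not a ZIP container."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return None  # legacy binary template or corrupt file: review by hand

def audit_startup(folder):
    """Return sorted (filename, verdict) pairs for templates in folder."""
    folder = Path(folder)
    if not folder.is_dir():
        return []
    verdicts = {True: "macro-enabled", False: "no-macros", None: "unparsed"}
    return [(p.name, verdicts[has_vba_project(p)])
            for p in sorted(folder.iterdir())
            if p.is_file() and p.suffix.lower() in TEMPLATE_EXTS]

def build_sample(folder):
    """Constructed sample files (inert placeholders, not real templates)."""
    folder = Path(folder)
    with zipfile.ZipFile(folder / "constructed_macro.dotm", "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/vbaProject.bin", b"placeholder")
    with zipfile.ZipFile(folder / "constructed_clean.dotx", "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
    (folder / "constructed_legacy.dot").write_bytes(b"not a zip container")
    (folder / "notes.txt").write_text("ignored: not a template")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, verdict in audit_startup(tmp):
            print(f"{verdict:14} {name}")
    # On a Windows host, point the audit at default_startup_dir() instead.
```

Any "macro-enabled" or "unparsed" entry that was not deployed by the organization is worth reviewing, since files in this folder load every time Word starts.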