TAG-110, a Russia-aligned threat actor, has shifted its tactics from using HTA-based malware to macro-enabled Word templates in spear-phishing campaigns targeting Tajikistan’s government and research institutions. This evolution indicates a focus on cyber espionage related to regional political and security interests. #TAG-110 #UAC-0063
Key points
- TAG-110 is a threat group linked to Russian state-sponsored cyber operations targeting Central Asia and Europe.
- The group has transitioned from using HTA malware to macro-enabled Word templates for initial access.
- The latest campaign has been active since January 2025, focusing on Tajikistan’s government and research sectors.
- The spear-phishing emails use government-themed documents and VBA macros to deliver payloads.
- The threat actor’s activities likely aim to gather intelligence for regional influence and geopolitical purposes.
Read More: https://thehackernews.com/2025/05/russia-linked-hackers-target-tajikistan.html