Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
Jan 14, 2025
Surveillance / Malware
An ongoing cyber espionage campaign targeting Kazakhstan has been attributed to Russia-linked threat actors as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which likely shares overlap with APT28, a nation-state group affiliated with Russia's General Staff Main Intelligence Directorate (GRU). APT28 is also known as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422.

The Computer Emergency Response Team of Ukraine (CERT-UA) first documented UAC-0063 in early 2023, detailing its attacks on government entities using malware families tracked as HATVIBE, CHERRYSPY, and STILLARCH (aka DownEx). It's worth pointing out that the use of these malware strains has been exclusive to this group. Subsequent campaigns have been observed setting their sights o...