Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents
May 27, 2025
Malware / Threat Intelligence
The Russia-aligned threat actor known as TAG-110 has been observed conducting a spear-phishing campaign targeting Tajikistan using macro-enabled Word templates as an initial payload. The attack chain is a departure from the threat actor's previously documented use of an HTML Application (.HTA) loader dubbed HATVIBE, Recorded Future's Insikt Group said in an analysis. "Given TAG-110's historical targeting of public sector entities in Central Asia, this campaign is likely targeting government, educational, and research institutions within Tajikistan," the cybersecurity company noted . "These cyber espionage operations likely aim to gather intelligence for influencing regional politics or security, particularly during sensitive events like elections or geopolitical tensions." TAG-110, also called UAC-0063, is the name assigned to a threat activity group that's known for its targeting of European embassies, as well as other organizations in Cent...
