Russian Hackers Unleash HATVIBE and CHERRYSPY: A New Era of Cyber Espionage Across Europe and Asia
Russian-linked cyber espionage group TAG-110, using the custom malware tools HATVIBE and CHERRYSPY, has targeted government agencies, human rights organizations, and research institutions across Europe and Asia. This campaign, tied to geopolitical objectives, highlights the growing threats posed by Russian hybrid warfare tactics in the cyber domain.
Who Is Behind the Attack?
- TAG-110, linked to APT28 and UAC-0063, operates with ties to Russian state interests.
- Active since at least 2021, targeting regions central to Russia's geopolitical strategy.
The Tools of Espionage:
- HATVIBE: An HTML application loader used to drop malware.
- CHERRYSPY: A Python-based backdoor for data exfiltration and espionage.
Regions and Victims:
- Focus on Central Asia, including Tajikistan, Kyrgyzstan, and Uzbekistan.
- Additional targets in Ukraine, India, Hungary, Greece, and China.
- A total of 62 unique victims identified across 11 countries.
Attack Methods:
- Exploitation of security vulnerabilities in web applications like Rejetto HTTP File Server.
- Phishing emails as an initial vector to deploy malware.
Broader Implications:
- Part of a larger Russian strategy to maintain influence in post-Soviet states.
- Cyber operations align with physical sabotage attacks on European critical infrastructure.
- Goal: Destabilize NATO allies, weaken military capabilities, and disrupt political alliances.
TAG-110's sophisticated use of HATVIBE and CHERRYSPY highlights the escalating threat of state-sponsored cyber espionage campaigns. These attacks not only disrupt regional stability but also serve as a critical component of Russia's hybrid warfare strategy. Governments and organizations must bolster their cybersecurity measures, including vulnerability patching and phishing resistance, to counter these persistent threats.
Net Protector Cyber Security recommends proactive defense strategies, enhanced endpoint security, and real-time threat intelligence to safeguard critical assets against such advanced cyber threats.