Russian Threat Actor TAG-110 Goes Phishing in Tajikistan - #APT28
APT28, a Russian cyber espionage group linked to the GRU, has been evolving its tactics and expanding its operations globally since 2022. The group primarily targets government, diplomatic, and defense institutions, employing sophisticated malware, zero-day exploits, and phishing campaigns. Its activities range from intelligence gathering to influence operations, including election interference and hack-and-leak campaigns. Recent reports highlight APT28's use of advanced obfuscation techniques in its malware, such as the HTA Trojan, and its involvement in a four-year cyber-espionage campaign against French entities. The persistence of the threat is evidenced by the group's targeting of critical infrastructure, sensitive systems, and organizations involved in coordinating aid to Ukraine, using a variety of attack methods and continuously adapting its strategies to evade detection.