| SYMBOL | COMMON_NAME | aka. SYNONYMS |
UAC-0063 is a threat actor linked to Russian APT28, known for targeting government entities in Ukraine and Central Asia for cyber espionage operations. They utilize keyloggers, backdoors, and malware like Hatvibe and Cherryspy to compromise systems and exfiltrate sensitive information. The group has been active since at least 2021 and has shown interest in targeting organizations in Mongolia, Kazakhstan, Kyrgyzstan, Israel, and India. Their TTPs include spear-phishing campaigns and exploiting vulnerabilities in software products like HFS HTTP File Server and Rejetto file-sharing servers.
| 2025-01-30
⋅
Bitdefender
⋅
UAC-0063: Cyber Espionage Operation Expanding from Central Asia HATVIBE |
| 2025-01-13
⋅
Sekoia
⋅
Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations HATVIBE |
| 2025-01-13
⋅
Sekoia
⋅
Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations HATVIBE |
| 2024-11-21
⋅
Recorded Future
⋅
Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY HATVIBE |
| 2024-07-24
⋅
SOC Prime
⋅
UAC-0063 Attack Detection: Hackers Target Ukrainian Research Institutions Using HATVIBE, CHERRYSPY, and CVE-2024-23692 UAC-0063 |
| 2024-07-21
⋅
⋅
Cert-UA
⋅
UAC-0063 Attacks Research Institutions of Ukraine: HATVIBE + CHERRYSPY + CVE-2024-23692 (CERT-UA#10356) HATVIBE |
| 2023-05-22
⋅
⋅
Cert-UA
⋅
Espionage activity of UAC-0063 against Ukraine, Kazakhstan, Kyrgyzstan, Mongolia, Israel, India (CERT-UA#6549) UAC-0063 |
| 2023-05-10
⋅
Bitdefender
⋅
Deep Dive Into DownEx Espionage Operation in Central Asia DownEx |