A recent analysis by Recorded Future’s Insikt Group reveals that the Russian-aligned threat actor TAG-110 has intensified its espionage activities targeting key institutions in Tajikistan. This state-sponsored group is reportedly aiming to extend Russian influence in Central Asia through cyber operations focused on governmental and educational organizations.
The Ukrainian Cybersecurity agency CERT-UA noted that TAG-110’s operations show overlaps with the cyber espionage group UAC-0063, indicating a wider strategy of Russian cyber threats in the region. As the conflict in Ukraine continues, TAG-110’s activities further emphasize Russia’s intent to maintain a sphere of influence in its post-Soviet neighbors, threatening the security architecture of Central Asia. More details can be found in the Recorded Future report.
TAG-110’s current operations have utilized phishing tactics, including spear-phishing emails disguised as government-related documents. The group’s use of trojanized files—which appear legitimate but contain malicious content—demonstrates a sophisticated approach to cyber espionage. Reportedly, these documents have pertained to topics critical to the Tajik government, such as military radiation safety protocols and electoral schedules in the capital, Dushanbe.
As the phishing campaign unfolded, security experts observed new malware tactics that sidestepped typical infection pathways. Current recommendations from Recorded Future suggest organizations counteract such threats by disabling macros in Microsoft Office applications, which would mitigate risk exposure from macro-enabled documents.
The persistence of Russian cyber activity outside Ukraine, despite wartime distractions, has raised alarms. An anonymous Recorded Future analyst stated that Russian APT groups never ceased operations against foreign entities, including in Europe and Central Asia, indicating an ongoing focus on both espionage and disruption. These efforts are likely aligned with broader military objectives, highlighting a strategic focus on acquiring intelligence that could buttress Russia’s geopolitical aspirations.