Cyber Espionage Operation Expanding from Central Asia

released on 2025-01-29 @ 01:06:16 PM
An active cyber-espionage campaign by UAC-0063 is targeting organizations in Central Asia and Europe, including government entities and diplomatic missions. The group exploits previously compromised victims by weaponizing exfiltrated documents to deliver HATVIBE malware. They use sophisticated tools like DownExPyer, PyPlunderPlug, and LOGPIE for data exfiltration and keylogging. The campaign has expanded beyond Central Asia to European countries such as Germany, the UK, the Netherlands, Romania, and Georgia. The group's tactics include initial access through weaponized documents, persistent access via scheduled tasks, and various data collection methods. While there are similarities with APT28, definitive attribution remains uncertain. The ongoing operations and infrastructure maintenance indicate an active and evolving threat.