A Russian-aligned hacking group is conducting a cyber espionage campaign across Europe and Asia, according to Recorded Future.

Insikt Group, Recorded Future’s threat intelligence team, has shared in a November 21 report that a group it tracks as TAG-110 has been using custom malware to compromise government entities, human rights groups and educational institutions.

The researchers have identified 62 unique victims targeted by two TAG-110’s custom malware strains, HatVibe and CherrySpy, across eleven countries, with the most identified victims in Central Asia.

This new campaign allegedly started in July 2024, with 62 unique victims from Armenia, China, Greece, Hungary, India, Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan.

The majority were in Central Asian countries (Tajikistan, Kyrgyzstan, Turkmenistan and Kazakhstan), with notable victims including the National Center for Human Rights of the Republic of Uzbekistan, KMG-Security, a subsidiary of the Kazakh state-owned oil and gas enterprise KazMunayGas and a Tajik educational and research institution.

Previous reports have detailed that TAG-110 alongside its primary targets in Central Asia, secondary targets include India, Israel, Mongolia and Ukraine.

Insikt Group believes TAG-110’s motivation is to acquire intelligence to bolster Russiaʼs military efforts in Ukraine and gather insights into geopolitical events in neighboring countries.