The Russia-affiliated threat entity identified as TAG-110 has been seen executing a spear-phishing operation aimed at Tajikistan, utilizing macro-enabled Word documents as their initial delivery method.
This sequence of attacks marks a shift from the threat actor’s earlier established use of an HTML Application (.HTA) loader named HATVIBE, as reported by Recorded Future’s Insikt Group in their evaluation.
“In light of TAG-110’s historical