The threat actor is conducting a spearphishing campaign to deliver malicious attachments, maintain persistence, and establish command and control.
Tag: UAC-0063
Engage Report: Double-Tap Campaign – Espionage in Central Asia
- A malicious macro in the initial Word document creates a second blank document and weaponizes it with another malicious macro.
- The second macro creates a scheduled task named “SettingsService Dispatch” using RegisterTaskDefinition.
- This task executes an HTA file containing the HATVIBE backdoor every four minutes using mshta.exe.
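
The persistence step described above can be hunted for in exported task definitions. The following is an added example, not code from the report: it assumes tasks have been exported as Task Scheduler XML (for instance with `schtasks /query /xml`), and the sample task, its HTA path and the 10-minute threshold are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
TASK_NAME = "SettingsService Dispatch"  # task name given in the report
_DUR = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

# Constructed sample in Task Scheduler XML format; the HTA path is a
# placeholder, not an indicator taken from the report.
SAMPLE_TASK_XML = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\SettingsService Dispatch</URI></RegistrationInfo>
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT4M</Interval></Repetition>
  </TimeTrigger></Triggers>
  <Actions><Exec>
    <Command>mshta.exe</Command>
    <Arguments>C:\PLACEHOLDER\example.hta</Arguments>
  </Exec></Actions>
</Task>"""

def interval_seconds(text):
    """Convert an ISO 8601 duration such as PT4M to seconds (None if invalid)."""
    m = _DUR.match(text.strip())
    if not m:
        return None
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return ((d * 24 + h) * 60 + mi) * 60 + s

def audit_task(xml_text, max_interval=600):
    """Return the reasons a task definition resembles the reported persistence."""
    root = ET.fromstring(xml_text)
    findings = []
    uri = root.findtext("t:RegistrationInfo/t:URI", "", NS)
    if uri.rsplit("\\", 1)[-1].lower() == TASK_NAME.lower():
        findings.append("task name matches report")
    for exe in root.iterfind("t:Actions/t:Exec", NS):
        cmd = exe.findtext("t:Command", "", NS).strip().strip('"')
        args = exe.findtext("t:Arguments", "", NS)
        if cmd.replace("/", "\\").rsplit("\\", 1)[-1].lower() in ("mshta", "mshta.exe"):
            findings.append("action runs mshta.exe")
        if ".hta" in f"{cmd} {args}".lower():
            findings.append("action references an HTA file")
    for iv in root.iterfind("t:Triggers/*/t:Repetition/t:Interval", NS):
        secs = interval_seconds(iv.text or "")
        if secs and secs <= max_interval:  # short repetition, e.g. every four minutes
            findings.append(f"repeats every {secs}s")
    return findings
```

The behavioural checks (mshta.exe action, HTA argument, short repetition interval) still fire if the task is renamed, so they are worth keeping alongside the name match.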