Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations

ID: a255f376-6b04-5611-9d14-a7deb9da4ad5

STIX ID: report--a255f376-6b04-5611-9d14-a7deb9da4ad5

Feed Name: Sekoia.io Blog

Threat Score
85/100

Date Published: 2025-01-13

Date Updated: 2026-04-29

Author: Amaury G., Maxime A., Erwan Chevalier, Felix Aimé and Sekoia TDR

...
...

Sekoia documents an ongoing, nation-state-aligned cyber-espionage campaign attributed to UAC-0063 that weaponized legitimate Kazakhstan Ministry of Foreign Affairs Word documents to deploy a unique "Double-Tap" macro chain, which drops an HTA-based VBS backdoor (HATVIBE) and ultimately CHERRYSPY. The report includes technical analysis, YARA rules, IOCs (domains, IPs, document hashes) and Sigma detections, and assesses with medium confidence an overlap with APT28/GRU while highlighting the strategic targeting of Kazakhstan and Central Asia for diplomatic and economic intelligence.