Russia-linked threat actors TAG-110 employed custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe.The campaign primarily targeted government entities, human rights groups, and educational institutions in Central Asia, East Asia, and Europe.The APT used HATVIBE loader to deliver malware like CHERRYSPY, which enables encrypted data exfiltration and system monitoring of targeted entities.TAG-110's operations align with Russia's geopolitical interests, focusing on Central Asia to maintain influence amid strained relations.