Targets Tajikistan: New Macro Word Documents Phishing Tactics
Essential information
- Published: 22/05/2025 21:54
- Modified: 23/05/2025 13:08
- Tags: 2025-05-22, cherryspy, espionage, government, hatvibe, logpie, phishing, pyplunderplug, russia-aligned, tajikistan
- Related entities: 6 observables, 1 intrusion set (apt), 3 techniques (mitre), 4 malware, 4 others
Description
From January to February 2025, a phishing campaign targeting Tajikistan was detected and attributed to TAG-110, a Russia-aligned threat actor. The campaign used Tajikistan government-themed documents as lures, shifting from previous tactics to macro-enabled Word template files for initial payload delivery. This change in approach demonstrates TAG-110's evolving tactics. The group's persistent targeting of Tajik government, educational, and research institutions aligns with Russia's strategy to maintain influence in Central Asia. The campaign likely aims to gather intelligence for influencing regional politics or security, particularly during sensitive events like elections or geopolitical tensions.