TLDR:
- Unknown threat actors using open-source tools for cyber espionage targeting various organizations
- Group known as TAG-100 compromised organizations in at least ten countries across different continents
Full Article Summary:
Unknown threat actors, known as TAG-100, have been identified using open-source tools in a suspected cyber espionage campaign targeting global government and private sector organizations. The adversary has compromised organizations in at least ten countries across Africa, Asia, North America, South America, and Oceania. These include diplomatic, government, semiconductor supply-chain, non-profit, and religious entities in countries such as Cambodia, Djibouti, the Dominican Republic, Fiji, Indonesia, and more.
Recorded Future’s Insikt Group has been tracking this activity and noted that TAG-100 employs open-source remote access capabilities, using tools like Pantegana and Spark RAT for post-exploitation. The group targets internet-facing devices with known security flaws, including products like Citrix NetScaler, F5 BIG-IP, Zimbra, Microsoft Exchange Server, SonicWall, and more.
The group has been observed conducting reconnaissance activities aimed at internet-facing appliances belonging to organizations in at least fifteen countries, such as Cuba, France, Italy, Japan, and Malaysia. They target organizations in various sectors, including education, finance, legal, local government, and utilities.
TAG-100’s activities involve combining proof-of-concept exploits with open-source programs to orchestrate attacks, making it easier for less sophisticated threat actors to conduct cyber attacks. This approach also helps them evade detection and complicates attribution efforts. By targeting internet-facing appliances, the group gains a foothold in the target network through products with limited visibility and support for traditional security solutions.
The company emphasizes the importance of monitoring and securing internet-facing devices to prevent such attacks. The widespread targeting of these devices poses a significant threat to organizations in various sectors and countries, highlighting the need for enhanced cybersecurity measures to mitigate the risk of cyber espionage and data breaches.