TAG-100

Description

(Recorded Future) Recorded Future’s Insikt Group identified new suspected cyber-espionage activity targeting high-profile government, intergovernmental, and private sector organizations globally. This activity, which we are tracking under the temporary group designator TAG-100, has employed open-source remote access capabilities and exploited a wide range of internet-facing appliances for initial access. Using Recorded Future® Network Intelligence data, Insikt Group identified the likely compromise of the secretariats of two major Asia-Pacific intergovernmental organizations by TAG-100 using the open-source, multi-platform Go backdoor Pantegana. Other targeted organizations include multiple diplomatic entities and ministries of foreign affairs, as well as industry trade associations and semiconductor supply-chain, non-profit, and religious organizations globally. At this time, Insikt Group is continuing to explore potential attribution for this activity; however, the specific targeting and victimology identified align with a suspected espionage motive.

Names

Name        Name-Giver
TAG-100     Recorded Future
Storm-2077  Microsoft

Country

State-sponsored

Motivation

  • Information theft and espionage

First Seen

2024

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

b01702b6-b1dc-4292-8a10-dfb87acfcd59

Last Card Change

2024-12-26