Suspected Cyber Espionage Campaign Targeting Global Organizations
July 17, 2024, 12:59 p.m.
Description
An analysis identified a suspected cyber espionage campaign by TAG-100, a threat group exploiting internet-facing devices and utilizing open-source tools like the Go backdoor Pantegana. The campaign compromised two Asia-Pacific intergovernmental organizations and targeted multiple diplomatic, trade, and private sector entities globally across at least ten countries spanning Africa, Asia, North America, South America, and Oceania. The group employed open-source remote access capabilities and exploited various internet-facing products to gain initial access.
Tags
Date
- Created: July 17, 2024, 12:45 p.m.
- Published: July 17, 2024, 12:45 p.m.
- Modified: July 17, 2024, 12:59 p.m.
Indicators
Attack Patterns
- Pantegana
- SparkRAT
- TAG-100
- T1595.002
- T1102.002
- T1583.003
- T1071
- T1055
- T1190
- CVE-2024-3400
Additional Information
- Government