Suspected Cyber Espionage Campaign Targeting Global Organizations
July 17, 2024, 12:59 p.m.
Description
An analysis identified a suspected cyber espionage campaign by TAG-100, a threat group exploiting internet-facing devices and utilizing open-source tools like the Go backdoor Pantegana. The campaign compromised two Asia-Pacific intergovernmental organizations and targeted multiple diplomatic, trade, and private sector entities globally across at least ten countries spanning Africa, Asia, North America, South America, and Oceania. The group employed open-source remote access capabilities and exploited various internet-facing products to gain initial access.
Date
Published: July 17, 2024, 12:45 p.m.
Created: July 17, 2024, 12:45 p.m.
Modified: July 17, 2024, 12:59 p.m.
Indicators
Attack Patterns
Pantegana
SparkRAT
TAG-100
T1595.002
T1102.002
T1583.003
T1071
T1055
T1190
CVE-2024-3400
Additional Information
Government