Suspected Cyber Espionage Campaign Targeting Global Organizations

July 17, 2024, 12:59 p.m.

Description

An analysis identified a suspected cyber espionage campaign by TAG-100, a threat group exploiting internet-facing devices and utilizing open-source tools like the Go backdoor Pantegana. The campaign compromised two Asia-Pacific intergovernmental organizations and targeted multiple diplomatic, trade, and private sector entities globally across at least ten countries spanning Africa, Asia, North America, South America, and Oceania. The group employed open-source remote access capabilities and exploited various internet-facing products to gain initial access.

Date

Published: July 17, 2024, 12:45 p.m.
Created: July 17, 2024, 12:45 p.m.
Modified: July 17, 2024, 12:59 p.m.

Indicators

Attack Patterns

Pantegana

SparkRAT

TAG-100

T1595.002

T1102.002

T1583.003

T1071

T1055

T1190

CVE-2024-3400

Additional Information

Government