TAG-144's Persistent Grip on South American Organizations

Aug. 26, 2025, 7:38 p.m.

Description

Insikt Group has identified five distinct activity clusters linked to TAG-144 (Blind Eagle), targeting primarily Colombian government entities across local, municipal, and federal levels throughout 2024 and 2025. The clusters share similar tactics, techniques, and procedures (TTPs) such as using open-source and cracked remote access trojans (RATs), dynamic domain providers, and legitimate internet services (LIS) for staging. However, they differ in infrastructure, malware deployment, and operational methods. The group maintains an extensive operational infrastructure, employs various RATs, and uses multi-stage infection chains. TAG-144's primary focus appears to be credential theft and espionage, with evidence linking it to Red Akodon and compromised Colombian government email accounts used in spearphishing campaigns.

Date

  • Created: Aug. 26, 2025, 3:21 p.m.
  • Published: Aug. 26, 2025, 3:21 p.m.
  • Modified: Aug. 26, 2025, 7:38 p.m.

Attack Patterns

  • BlotchyQuasar
  • BitRAT
  • LV
  • Bladabindi
  • Njw0rm
  • REMCOS RAT
  • njRAT - S0385
  • LimeRAT
  • DcRAT
  • QuasarRAT
  • XWorm
  • AsyncRAT
  • TAG-144

Additional Information

  • Healthcare
  • Energy
  • Defense
  • Education
  • Finance
  • Government
  • Manufacturing
  • Panama
  • Chile
  • Colombia
  • Ecuador