TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks
2024-07-18 09:10

Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations.

Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America, South America, and Oceania, including two unnamed Asia-Pacific intergovernmental organizations.

"TAG-100 employs open-source remote access capabilities and exploits various internet-facing devices to gain initial access," the cybersecurity company said.

Attack chains involve the exploitation of known security flaws impacting various internet-facing products, including Citrix NetScaler, F5 BIG-IP, Zimbra, Microsoft Exchange Server, SonicWall, Cisco Adaptive Security Appliances (ASA), Palo Alto Networks GlobalProtect, and Fortinet FortiGate.

The group has also been observed conducting wide-ranging reconnaissance activity aimed at internet-facing appliances belonging to organizations in at least fifteen countries, including Cuba, France, Italy, Japan, and Malaysia.

"The widespread targeting of internet-facing appliances is particularly attractive because it offers a foothold within the targeted network via products that often have limited visibility, logging capabilities, and support for traditional security solutions, reducing the risk of detection post-exploitation," Recorded Future said.


News URL

https://thehackernews.com/2024/07/tag-100-new-threat-actor-uses-open.html