Security News > 2024 > July > TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks
Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations.
Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America, South America, and Oceania, including two unnamed Asia-Pacific intergovernmental organizations.
"TAG-100 employs open-source remote access capabilities and exploits various internet-facing devices to gain initial access," the cybersecurity company said.
Attack chains involve the exploitation of known security flaws impacting various internet-facing products, including Citrix NetScaler, F5 BIG-IP, Zimbra, Microsoft Exchange Server, SonicWall, Cisco Adaptive Security Appliances ASA), Palo Alto Networks GlobalProtect, and Fortinet FortiGate.
The group has also been observed conducting wide-ranging reconnaissance activity aimed at internet-facing appliances belonging to organizations in at least fifteen countries, including Cuba, France, Italy, Japan, and Malaysia.
"The widespread targeting of internet-facing appliances is particularly attractive because it offers a foothold within the targeted network via products that often have limited visibility, logging capabilities, and support for traditional security solutions, reducing the risk of detection post-exploitation," Recorded Future said.
News URL
https://thehackernews.com/2024/07/tag-100-new-threat-actor-uses-open.html
Related news
- THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27) (source)
- THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03) (source)
- AI-Assisted Attacks Top Cyber Threat For Third Consecutive Quarter, Gartner Finds (source)
- THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 - Nov 10) (source)
- THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17) (source)
- Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks (source)
- THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 18 - Nov 24) (source)
- Hottest cybersecurity open-source tools of the month: November 2024 (source)
- THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1) (source)
- ⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 - 8) (source)