Names | TAG-100 (Recorded Future) | |
Country | China | |
Sponsor | State-sponsored | |
Motivation | Information theft and espionage | |
First seen | 2024 | |
Description | (Recorded Future) Recorded Future’s Insikt Group identified new suspected cyber-espionage activity targeting high-profile government, intergovernmental, and private sector organizations globally. This activity, which we are tracking under the temporary group designator TAG-100, has employed open-source remote access capabilities and exploited a wide range of internet-facing appliances for initial access. Using Recorded Future® Network Intelligence data, Insikt Group identified the likely compromise of the secretariats of two major Asia-Pacific intergovernmental organizations by TAG-100 using the open-source, multi-platform Go backdoor Pantegana. Other targeted organizations include multiple diplomatic entities and ministries of foreign affairs, as well as industry trade associations and semiconductor supply-chain, non-profit, and religious organizations globally. At this time, Insikt Group is continuing to explore potential attribution for this activity; however, the specific targeting and victimology identified align with a suspected espionage motive. | |
Observed | Sectors: Embassies, Financial, Government, High-Tech. Countries: Bolivia, Cambodia, Cuba, Djibouti, Dominican Republic, Fiji, France, Indonesia, Italy, Japan, Malaysia, Netherlands, Taiwan, UK, USA, Vietnam. | |
Tools used | Cobalt Strike, CrossC2, LESLIELOADER, Pantegana, SparkRAT. | |
Information | <https://go.recordedfuture.com/hubfs/reports/cta-2024-0716.pdf> |
Last change to this card: 26 August 2024