Insikt Group uncovered five activity clusters linked to the persistent threat group TAG-144, primarily targeting Colombian government institutions and private entities in 2024 and 2025. The group leverages a wide range of tools, including RATs, legitimate services, and steganography, to conduct espionage and credential theft activities.
Key points
- TAG-144, also known as Blind Eagle, operates across multiple activity clusters targeting Colombian institutions.
- The threat group uses various RATs, including AsyncRAT and Quasar, to infect and control victim systems.
- Spearphishing campaigns often impersonate Colombian authorities, utilizing geo-fencing and shortened URLs.
- Operational infrastructure includes VPS, Colombian IP ranges, and VPN servers to mask malicious activities.
- Primary targets are government, financial, energy, healthcare, and educational organizations, with a focus on credential theft and espionage.