Network security systems were impacted
Attacks exploiting known security flaws impacting internet-facing systems have been deployed by the new TAG-100 threat operation, as part of a cyberespionage campaign against private and government organizations in the US and other parts of the world.
According to The Hacker News, impacted systems included Microsoft Exchange Server, SonicWall and F5 BIG-IP, and the operation also used the open-source Pantegana and Spark RAT backdoors.
TAG-100 also leveraged the remote code execution flaw CVE-2024-3400, which impacted Palo Alto Networks’ GlobalProtect firewalls, analysis from Recorded Future's Insikt Group revealed.
"The widespread targeting of internet-facing appliances is particularly attractive because it offers a foothold within the targeted network via products that often have limited visibility, logging capabilities, and support for traditional security solutions, reducing the risk of detection post-exploitation," said Recorded Future researchers.
Written by
Dan Raywood
Senior Editor
SC Media UK