TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base

216.73.216.6

TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base

· Published 31/01/2025 10:09 · Modified 31/01/2025 10:39

Essential information

Published: 31/01/2025 10:09
Modified: 31/01/2025 10:39
Tags: 2025-01-31 cleanuploader mintsloader remcos ta582 tag-124
Related entities: 102 observables, 1 intrusion sets (apt), 6 techniques (mitre), 4 malware

Description

Insikt Group has identified a complex infrastructure linked to the traffic distribution system TAG-124, which overlaps with several threat activity clusters and includes compromised WordPress sites and various servers. Multiple threat actors, including operators of Rhysida and Interlock ransomware, use TAG-124, reinforcing their connection through shared tactics and tools. Insikt Group anticipates that TAG-124 will continue to evolve and attract more users within the cybercriminal ecosystem.

External references

https://www.recordedfuture.com/research/tag-124-multi-layered-tds-infrastructure-extensive-user-base
https://otx.alienvault.com/pulse/679ca175bea14c5736a7310a