Espionage fears rise as TAG-144 evolves techniques

Researchers say Blind Eagle’s use of steganography helps the group bypass antivirus detection and prolong system access.

TAG-144 has intensified cyberattacks on South American governments, using spear-phishing emails to deliver remote access malware.

A threat group known as TAG-144 has stepped up cyberattacks on South American government agencies, researchers have warned.

The group, also called Blind Eagle and APT-C-36, has been active since 2018 and is linked to espionage and extortion campaigns. Recent activity shows a sharp rise in cybercrime and spear-phishing, often using spoofed government email accounts to deliver remote access trojans.

Analysts say the group has shifted towards more advanced methods, embedding malware inside image files through steganography. Payloads are then extracted in memory, allowing attackers to evade antivirus software and maintain access to compromised systems.

Colombian government institutions have been hit hardest, with stolen credentials and sensitive data raising concerns over both financial and national security risks. Security experts warn that TAG-144’s evolving tactics blur the line between organised crime and state-backed espionage.
