Sophisticated APT Campaign Targets South American Infrastructure

Recorded Future intelligence analysis has identified an extensive cyber espionage campaign conducted by TAG-144, a threat group with suspected state affiliations, targeting organizations across South America with advanced persistent threat techniques and sophisticated operational security measures.

Campaign Scope and Targeting

Between May 2024 and July 2025, TAG-144 demonstrated remarkable persistence in maintaining access to compromised networks across South American organizations. The threat group's victim selection appears strategically focused on entities with significant regional influence, suggesting intelligence collection objectives aligned with state-level interests.

Recorded Future assesses that TAG-144 has maintained "some degree of affiliation with the state." The group's operational patterns and target selection suggest coordination with broader strategic intelligence requirements, though the specific sponsoring government remains unclear from available reporting.

Advanced Operational Techniques

The threat group has consistently leveraged legitimate internet services (LIS) during payload staging, demonstrating a sophisticated understanding of detection evasion techniques. TAG-144's operational methodology includes the use of widely recognized platforms like Bitbucket and similar services to host malicious payloads, which makes detection and attribution more challenging for defensive security teams.
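When payloads are staged on a service such as Bitbucket, the destination domain alone is not a useful signal, so a hunt has to look at who is fetching and from where. The following is an added example, not part of the Recorded Future reporting: it flags Bitbucket requests made by unexpected client processes or to workspaces the organization does not own. The log format, the process allow-list and the workspace names are assumptions, and the log records are constructed.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed proxy/EDR records (not from the report):
# time, host, client process, URL, response bytes
SAMPLE_LOG = """\
2025-07-01T09:12:03Z,ws-014,chrome.exe,https://bitbucket.org/acme-dev/portal/src/main/README.md,18211
2025-07-01T09:14:40Z,ws-022,git.exe,https://bitbucket.org/acme-dev/portal.git/info/refs,912
2025-07-01T10:02:17Z,ws-031,powershell.exe,https://bitbucket.org/example-user/docs/downloads/update.zip,482113
2025-07-01T10:05:09Z,ws-031,unknown-updater.exe,https://bitbucket.org/example-user/docs/raw/0a1b2c3/stage.txt,20480
2025-07-01T11:30:00Z,ws-014,chrome.exe,https://intranet.example/reports/q2.pdf,99120
"""

LIS_HOSTS = {"bitbucket.org"}   # named in the article; extend per environment
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "git.exe"}  # assumption
OWN_WORKSPACES = {"acme-dev"}   # assumption: workspaces the organization controls


def find_suspect_fetches(log_text):
    """Return LIS requests that deviate from normal developer usage."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, host, proc, url, size = row
        parts = urlsplit(url)
        if parts.hostname not in LIS_HOSTS:
            continue
        # The first path segment of a Bitbucket URL is the workspace name.
        segments = [s for s in parts.path.split("/") if s]
        workspace = segments[0].lower() if segments else ""
        reasons = []
        if proc.lower() not in EXPECTED_CLIENTS:
            reasons.append("unexpected client process")
        if workspace not in OWN_WORKSPACES:
            reasons.append("workspace not owned by the organization")
        if reasons:
            findings.append({
                "time": ts, "host": host, "process": proc, "url": url,
                "bytes": int(size), "reasons": reasons,
                "severity": "high" if len(reasons) == 2 else "medium",
            })
    return findings


if __name__ == "__main__":
    for f in find_suspect_fetches(SAMPLE_LOG):
        print(f["severity"], f["host"], f["process"], f["url"], f["reasons"])
```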

Security researchers noted that the group's persistence techniques allow extended periods of network access, enabling comprehensive intelligence collection from targeted organizations. The campaign's duration and sophistication suggest well-resourced backing and professional operational planning consistent with state-sponsored activity.

Regional Security Implications

The TAG-144 campaign represents a significant cyber espionage threat to South American regional security, with implications extending beyond individual organizational compromises. The threat group's sustained operations demonstrate the increasing vulnerability of regional infrastructure to sophisticated state-sponsored cyber threats, highlighting the need for enhanced collective cybersecurity measures across South American nations.