The TAG-144 advanced persistent threat (APT) group has maintained an extensive cyber espionage campaign against South American organizations throughout 2024 and into 2025, according to new intelligence research. The threat group has demonstrated remarkable persistence and adaptability, operating through five distinct activity clusters that have evolved their tactics and targeting approaches over the campaign period.
Multi-Cluster Operational Structure
Insikt Group researchers have identified five separate activity clusters linked to TAG-144, each active at different points throughout the extended campaign period. This multi-cluster approach allows the threat group to maintain operational redundancy while testing different intrusion methodologies and maintaining persistence against high-value targets across the region.
Persistent Regional Targeting
The TAG-144 campaign represents a sustained intelligence collection effort specifically focused on South American organizations, suggesting strategic intelligence requirements rather than opportunistic targeting. The group's persistent presence in the region indicates long-term espionage objectives that extend beyond typical cybercriminal motivations.
Advanced Threat Capabilities
The threat group's ability to maintain operations across multiple years while adapting their tactics demonstrates sophisticated command and control capabilities. The five-cluster structure suggests a well-resourced operation with the ability to develop and deploy multiple parallel intrusion capabilities simultaneously.
Regional Security Implications
TAG-144's persistent campaign highlights the growing cyber espionage threats facing South American organizations. The sustained nature of the operations suggests that regional entities may be facing ongoing intelligence collection efforts that could compromise sensitive governmental, commercial, and strategic information across multiple countries in the region.