Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations
released on 2022-12-08 @ 04:23:55 PM
Insikt Group has observed the recurring use of common traits by TAG-53 when curating its infrastructure, including the use of domain names employing a specific pattern construct along with Let’s Encrypt TLS certificates, the use of a specific cluster of hosting providers, and the use of a small cluster of autonomous systems.