RST TI Report Digest: 03 Feb 2025

The Insikt Group uncovered TAG-124, a sophisticated Traffic Distribution System that uses compromised WordPress sites, actor-controlled servers, and the "ClickFix" technique to distribute malware (disguised as Google Chrome updates) across a broad ecosystem; the infrastructure supports multiple threat clusters including ransomware-affiliated actors and is accompanied by a large set of IOCs (IPs, domains, URLs, and file hashes).