Gandalf_The_Grey
A hacker tracked as TA558 has upped their activity this year, running phishing campaigns that target multiple hotels and firms in the hospitality and travel space.
The threat actor uses a set of 15 distinct malware families, usually remote access trojans (RATs), to gain access to the target systems, perform surveillance, steal key data, and eventually siphon money from customers.
TA558 has been active since at least 2018, but Proofpoint has recently seen an uptick in its activities, possibly linked to the rebound of tourism after two years of COVID-19 restrictions.
In 2022, TA558 switched from using macro-laced documents in its phishing emails and adopted RAR and ISO file attachments or embedded URLs in the messages.
Similar changes have been seen with other threat actors in response to Microsoft's decision to block VBA and XL4 macros in Office, which hackers historically used for loading, dropping, and installing malware via malicious documents.
The phishing emails that initiate the infection chain are written in English, Spanish, and Portuguese, targeting companies in North America, Western Europe, and Latin America.
Hackers target hotel and travel companies with fake reservations
www.bleepingcomputer.com