TA558 Malware Attacks Travel and Hospitality Services

A persistent wave of attacks on Latin American hospitality, hotel, and travel firms with the intention of planting malware on compromised systems have been attributed to a financially motivated cybercrime ring.
Proofpoint researchers are keeping tabs on a malware campaign being run by the TA558 malware gang. The organization used Loda RAT, Vjw0rm, and Revenge RAT among other malware in its attacks. 
The gang has been active at a faster rate than usual in 2022, with intrusions mostly targeted at Latin American Portuguese and Spanish speakers and to a lesser level at Western European and North American speakers.
The group uses phishing campaigns that involve sending malicious spam messages with lures that have a travel theme, like hotel reservations, that contain weaponized documents or URLs in an effort to persuade unwitting users to install trojans that can conduct reconnaissance, steal data, and distribute add-on payloads.
To download and install a variety of malware, including AsyncRAT, Loda RAT, Revenge RAT, and Vjw0rm, the assaults conducted between 2018 and 2021 made use of emails with malicious Word documents that either contained VBA macros or exploits for vulnerabilities like CVE-2017-11882 and CVE-2017-8570.
In more recent attacks, the cybercriminal organization has started distributing malware using Office documents, RAR attachments, ISO attachments, and malicious URLs. The action is in response to Microsoft’s decision to

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: