Research And Expert Comments On TA558 Targeting Hospitality.

Cybersecurity researchers at Proofpoint have today published new threat intelligence detailing how cybercriminal group TA558 has been targeting hospitality, hotel, and travel organisations to deploy malware and steal data such as credit card numbers and hotel customer data for financial gain.

During a busy summer for international travel in the wake of the pandemic, TA558 has increased its activity and poses a threat to travel organisations and travellers alike.

  • This is the first comprehensive public report on TA558’s activity. Since 2018, campaigns have attempted to install a variety of malware including Loda RAT, Vjw0rm, and Revenge RAT.
  • The group sends malicious emails with reservation-themed lures such as hotel bookings, and has been observed using compromised hotel websites to host its malware.
  • TA558 increased activity in 2022 to a higher average than previously observed.
  • Like other threat actors in 2022, TA558 pivoted away from using macro-enabled documents in campaigns and adopted new tactics, techniques, and procedures.

The research has been published this morning here: https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel  

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Sherrod DeGrippo
Sherrod DeGrippo , Senior Director, Threat Research and Detection
InfoSec Expert
August 18, 2022 3:02 pm

TA558 is an interesting threat actor targeting hospitality and travel organizations with unique lures referencing things like reservations and bookings. Although we do not have visibility into the actor’s ultimate goals, it’s possible compromises could impact both organizations in the travel industry as well as potentially customers who have used them for vacations. Organizations in these and related industries should be aware of this actor’s activities and take precautions to protect themselves.

Last edited 3 months ago by Sherrod DeGrippo
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x