Cybersecurity researchers at Proofpoint have today published new threat intelligence detailing how cybercriminal group TA558 has been targeting hospitality, hotel, and travel organisations to deploy malware and steal data such as credit card numbers and hotel customer data for financial gain.
During a busy summer for international travel in the wake of the pandemic, TA558 has increased its activity and poses a threat to travel organisations and travellers alike.
- This is the first comprehensive public report on TA558’s activity. Since 2018, the group's campaigns have attempted to install a variety of malware, including Loda RAT, Vjw0rm, and Revenge RAT.
- The group sends malicious emails with reservation-themed lures such as hotel bookings, and has been observed using compromised hotel websites to host its malware.
- TA558 increased activity in 2022 to a higher average than previously observed.
- Like other threat actors in 2022, TA558 pivoted away from using macro-enabled documents in campaigns and adopted new tactics, techniques, and procedures.
The research has been published this morning here: https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel