Advisory: Unlocking TA558: Travel Sector Faces Cyber Onslaught


The persistent cyber threat group TA558 has reemerged, targeting the travel and hospitality sectors after a pandemic-induced hiatus. Reviving its 2018 campaigns, the group sends fake reservation emails containing links that deliver a diverse malware payload. Notably, the latest campaign introduces novel tactics, including the use of RAR and ISO file attachments. TA558 has also increased its use of URLs in 2022, significantly ramping up campaign tempo while distributing a mix of malware such as Loda, Revenge RAT, and AsyncRAT. The group's historical reliance on malicious Word documents has shifted to ISO and RAR files, a change attributed to Microsoft's macro-related updates. TA558's primary motive remains financial gain, which poses risks to both the travel industry and its customers. Organizations in the targeted sectors are advised to stay vigilant against TA558's evolving tactics and take the necessary precautions.

In summary, TA558’s resurgence in targeting the travel and hospitality industries involves revamped 2018 campaigns and novel tactics such as the use of RAR and ISO file attachments. The cyber threat group has increased its use of URLs in 2022, delivering a mix of malware and shifting from malicious Word documents to ISO and RAR files. With a primary focus on financial gain, TA558 poses potential risks to both organizations in the travel industry and their customers, emphasizing the importance of staying vigilant and implementing necessary precautions.
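Because the shift described above is from macro documents to ISO and RAR containers delivered under a reservation theme, a mail-gateway check should identify those container types by their magic bytes rather than by the attachment's extension. The following triage routine is an added example written for this advisory, not code from Proofpoint, HP or the original page; the ISO 9660 signature ("CD001" at offset 0x8001) and the RAR signature ("Rar!\x1a\x07") are the published format markers, the lure keywords and the sample message are constructed assumptions.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Published format markers: RAR 4.x/5.x archives begin with "Rar!\x1a\x07";
# ISO 9660 images carry "CD001" in the primary volume descriptor at 0x8001.
RAR_MAGIC = b"Rar!\x1a\x07"
ISO_MAGIC = b"CD001"
ISO_MAGIC_OFFSET = 0x8001
# Assumed lure keywords for the reservation-themed emails the advisory describes.
LURE_PATTERN = re.compile(r"\b(reservation|booking|reserva)\b", re.IGNORECASE)

def container_type(data: bytes):
    """Return 'rar', 'iso' or None based on content, ignoring the file name."""
    if data.startswith(RAR_MAGIC):
        return "rar"
    if data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC:
        return "iso"
    return None

def triage_message(raw: bytes) -> dict:
    """Flag a message that pairs a reservation lure with an ISO/RAR attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = msg.get("Subject", "")
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        kind = container_type(payload)
        if kind:
            # Record the declared name so a mismatched extension is visible to analysts.
            findings.append({"filename": part.get_filename(), "type": kind})
    lure = bool(LURE_PATTERN.search(subject))
    return {"subject": subject, "lure_theme": lure,
            "containers": findings, "suspicious": lure and bool(findings)}

def build_sample() -> bytes:
    """Constructed sample: a reservation lure whose '.pdf' attachment is really an ISO."""
    m = EmailMessage()
    m["Subject"] = "Reservation request for 3 nights"
    m["From"] = "guest@example.com"
    m["To"] = "frontdesk@example.com"
    m.set_content("Please see the attached reservation details.")
    fake_iso = b"\x00" * ISO_MAGIC_OFFSET + ISO_MAGIC + b"\x00" * 16
    m.add_attachment(fake_iso, maintype="application", subtype="octet-stream",
                     filename="reservation.pdf")
    return m.as_bytes()
```

Running `triage_message(build_sample())` reports the attachment as an ISO despite its `.pdf` name and marks the message suspicious because the subject matches the lure theme.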

References:
- https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel
- https://threatresearch.ext.hp.com/stealthy-opendocument-malware-targets-latin-american-hotels/
