ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > TA558

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: TA558

NamesTA558 (Proofpoint)
Country[Unknown]
MotivationFinancial crime
First seen2018
Description(Proofpoint) Since 2018, Proofpoint has tracked a financially-motivated cybercrime actor, TA558, targeting hospitality, travel, and related industries located in Latin America and sometimes North America, and western Europe. The actor sends malicious emails written in Portuguese, Spanish, and sometimes English. The emails use reservation-themed lures with business-relevant themes such as hotel room bookings. The emails may contain malicious attachments or URLs aiming to distribute one of at least 15 different malware payloads, typically remote access trojans (RATs), that can enable reconnaissance, data theft, and distribution of follow-on payloads.
ObservedSectors: Construction, Education, Energy, Financial, Government, Hospitality, Industrial, IT, Pharmaceutical, Transportation.
Countries: Algeria, Argentina, Brazil, Bulgaria, Chile, Colombia, Costa Rica, Czech, Dominican Republic, Ecuador, Germany, Guatemala, India, Indonesia, Lebanon, Macedonia, Mexico, Morocco, Pakistan, Peru, Poland, Romania, Russia, Serbia, Slovenia, South Korea, Spain, Thailand, Turkey, Uruguay, USA.
Tools usedAsyncRAT, AZORult, Loda, njRAT, RemcosRAT, Vjw0rm, RevengeRAT, XtremeRAT.
Operations performedJun 2023SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world
<https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/steganoamor-campaign-ta558-mass-attacking-companies-and-public-institutions-all-around-the-world/>
Information<https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel>

Last change to this card: 22 April 2024

Download this actor card in PDF or JSON format

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents
Telephone +66 (0)2-123-1227
E-mail [email protected]