Hotel and Travel Companies Targeted with Fake Reservations

Share post:

Attackers are targeting several hotels and hospitality companies through phishing. Identified as TA558, the threat actor uses a series of 15 different malware families, in particular (RATs) remote access trojans, to gain access to the target systems, carry out surveillance, steal key data and ultimately siphon off money from customers.

According to Proofpoint researchers, a recent increase in TA558’s activity has been recorded, and unlike in 2018, when it used macro-laced documents in its phishing emails, the threat actors now use RAR and ISO file attachments or embedded URLs in the messages.

The phishing e-mail themes used by the attackers revolve around making a booking with the target organizations and pretending to come from conference organizers, tourist offices and other sources that recipients cannot easily refuse.

The emails used to initiate the chain of infection are written in English, Spanish and Portuguese, while the phishing emails target companies in North America, Western Europe and Latin America.

After clicking on the URL, which pretends to be a reservation link in the message body, the victims receive an ISO file from a remote resource.

The archive contains a batch file that starts a PowerShell script, which finally drops the RAT payload onto the victim’s computer and creates a scheduled persistence task.

Once a hotel system has been compromised with RAT malware, TA558 penetrates deeper into the network to steal customer information, stored credit card information, and modify the client-facing websites to redirect reservation payments.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Avery Data Breach: Credit Card Skimmer Affects Over 61,000 Customers

Label maker Avery has disclosed a data breach affecting 61,193 customers, caused by a credit card skimmer that...

Scammed Company Ordered to Pay $190k for Fraudulent Invoice Payment

A hacker gained access to Mobius Group’s email system and sent instructions from a legitimate email address, directing...

Sneaky 2FA: A Sophisticated Attack Defeats Both 2FA and Phishing Protections

A new phishing kit, ominously named "Sneaky 2FA," has emerged, targeting Microsoft 365 users by bypassing two-factor authentication...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways