A threat group tracked as TA558 has begun running phishing campaigns that target firms in the hospitality and travel space. TA558 is using Remote Access Trojans (RATs) to gain access to the target systems, perform surveillance, steal data, and then siphon money from customers. The group has been active since 2018, but there has been a recent surge in their activity most likely linked to the return of tourism following the Covid-19 pandemic. TA558 previously used documents with malicious macros in its phishing emails, and has now adopted RAR and ISO file attachments or embedded URLs in the messages. Similar changes in behavior have been seen with other threat groups following Microsoft’s decision to block VBA and XL4 macros.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in