Hotel and Travel Companies Targeted with Fake Reservations

Attackers are targeting several hotels and hospitality companies through phishing. Identified as TA558, the threat actor uses a series of 15 different malware families, in particular (RATs) remote access trojans, to gain access to the target systems, carry out surveillance, steal key data and ultimately siphon off money from customers.

According to Proofpoint researchers, a recent increase in TA558’s activity has been recorded, and unlike in 2018, when it used macro-laced documents in its phishing emails, the threat actors now use RAR and ISO file attachments or embedded URLs in the messages.

The phishing e-mail themes used by the attackers revolve around making a booking with the target organizations and pretending to come from conference organizers, tourist offices and other sources that recipients cannot easily refuse.

The emails used to initiate the chain of infection are written in English, Spanish and Portuguese, while the phishing emails target companies in North America, Western Europe and Latin America.

After clicking on the URL, which pretends to be a reservation link in the message body, the victims receive an ISO file from a remote resource.

The archive contains a batch file that starts a PowerShell script, which finally drops the RAT payload onto the victim’s computer and creates a scheduled persistence task.

Once a hotel system has been compromised with RAT malware, TA558 penetrates deeper into the network to steal customer information, stored credit card information, and modify the client-facing websites to redirect reservation payments.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web