CYBER STRIKE IN LATIN AMERICA: TA558 DISTRIBUTES VENOM RAT

Cybercrime Group TA558 Conducts Large-Scale Phishing Campaign in Latin America

A cybercrime group known as TA558 has recently conducted a significant phishing campaign targeting various industries in Latin America. Its primary objective was to spread the Venom RAT malware across organizations.

The campaign specifically targeted the hospitality, travel, trade, finance, manufacturing, industrial, and government sectors in countries such as Spain, Mexico, the USA, Colombia, Portugal, Brazil, the Dominican Republic, and Argentina.

TA558, which has been active since 2018, has a history of launching attacks on organizations in the Latin American region. It has used different types of malware in the past, including Loda RAT, Vjw0rm, and Revenge RAT.

According to Idan Taraba, a researcher at Perception Point, the latest infection chain uses phishing emails as the initial access vector to deliver Venom RAT, an improved version of Quasar RAT. This malware is capable of extracting confidential data and remotely controlling systems.

During the investigation, researchers also observed attackers actively using the DarkGate malware loader. EclecticIQ researchers noted that groups like TA558 are increasingly using DarkGate for initial access and for distributing various types of malware within corporate networks. The malware delivered this way includes information stealers, reconnaissance programs, and remote control tools.
