April 2, 2024 at 01:51AM
TA558, a threat actor targeting the Latin America region, has launched a large-scale phishing campaign to deploy Venom RAT. The campaign primarily focuses on the hotel, travel, trading, financial, manufacturing, industrial, and government sectors in multiple countries, and aims to harvest sensitive data and remotely control systems. Additionally, malvertising campaigns delivering malware are on the rise, with groups like ScamClub shifting focus to video malvertising attacks.
Key takeaways from the meeting notes:
– The threat actor TA558 is attributed to a new phishing campaign targeting multiple sectors in Latin America, aiming to deploy Venom RAT.
– TA558 has been active since at least 2018 and has a history of delivering malware in the LATAM region.
– The latest infection chain involves phishing emails to drop Venom RAT, which can harvest sensitive data and control systems remotely.
– After the takedown of QakBot, threat actors are increasingly using the DarkGate malware loader to target financial institutions in Europe and the U.S.
– Ransomware groups are utilizing DarkGate to establish a foothold and deploy various malware in corporate networks.
– Malvertising campaigns are delivering malware like FakeUpdates, Nitrogen, and Rhadamanthys, with a focus on video malvertising assaults, targeting users in the U.S., Canada, the U.K., Germany, and Malaysia.