Venom RAT strikes Latin America in massive phishing campaign

April 3, 2024

A significant phishing campaign attributed to the threat group TA558 is currently under way across Latin America, targeting a range of industries. The primary objective of this campaign is to deploy Venom RAT, a malicious tool designed to infiltrate systems and compromise sensitive data.

The sectors under attack span a broad range, including hospitality, travel, finance, manufacturing, government, and more. Countries affected include Spain, Mexico, the United States, Colombia, Portugal, Brazil, the Dominican Republic, and Argentina.

TA558, a threat actor with a documented history dating back to at least 2018, has previously targeted entities in Latin America with various forms of malware, including Loda RAT, Vjw0rm, and Revenge RAT.

Phishing emails lure recipients to download Venom RAT, enabling data harvesting and remote system control.

In this latest wave of attacks, phishing emails serve as the initial point of entry. These emails are carefully crafted to deceive recipients and prompt them to download Venom RAT inadvertently. This malicious software, a variant of Quasar RAT, possesses sophisticated capabilities, enabling it to harvest sensitive data and gain remote control over compromised systems.

Moreover, there has been a notable uptick in the use of the DarkGate malware loader by threat actors after the dismantling of QakBot by law enforcement last year. Financial institutions in Europe and the US are the primary targets of these DarkGate campaigns.

DarkGate serves as a gateway for ransomware groups to establish initial access and deploy a variety of malware, including info-stealers, ransomware, and remote management tools. The ultimate goal is to maximise the number of infected devices and the amount of data extracted from victims.

In addition to phishing and malware deployment, malvertising campaigns are also on the rise. Notorious groups like ScamClub have shifted their focus towards video malvertising, resulting in a surge in VAST-forced redirect volumes since February 11, 2024. These campaigns leverage Video Ad Serving Template (VAST) tags to redirect unsuspecting users to fraudulent or scam websites.

The majority of victims targeted by these malicious activities are located in the US, followed by Canada, the UK, Germany, and Malaysia, among others.

Overall, these developments underscore the evolving tactics employed by cybercriminals to infiltrate networks, compromise sensitive data, and exploit unsuspecting individuals and organisations across Latin America and beyond.
