Venom Strikes Latin America: TA558 Phishing Campaign Targets Businesses

A cybercriminal group known as TA558 has run a large phishing campaign against a wide range of industries across Latin America, with the aim of distributing the Venom RAT malware.

The primary targets of these attacks have been the hospitality, travel, commerce, finance, manufacturing, industry, and government sectors in Spain, Mexico, the United States, Colombia, Portugal, Brazil, the Dominican Republic, and Argentina.

Active since 2018, TA558 has a long record of attacks on organizations in the Latin American region, using a variety of malware such as Loda RAT, Vjw0rm, and Revenge RAT.

According to Idan Tarab, a researcher at Perception Point, the latest infection chain uses phishing emails as the initial access vector to deliver Venom RAT, an advanced version of Quasar RAT capable of stealing confidential data and remotely controlling systems.

The disclosure of this threat coincided with researchers observing criminals actively using the DarkGate malware loader. A researcher from EclecticIQ noted that ransomware groups increasingly use DarkGate for initial access and to distribute various types of malware across corporate networks, including information-stealing software, ransomware, and remote administration tools.