Threat Group Ramps Up Attacks on Travel Sector in 2022
- paulradke
- Aug 20, 2022

Researchers have revealed new details of a prolific APT group that has used 15 malware families over the past four years to steal data from travel and hospitality companies.
The financially motivated group, TA558, mainly targets organizations in Latin America and sometimes North America and Western Europe, switching between Portuguese, Spanish and English as it does so, according to Proofpoint.
It primarily uses phishing emails as its access vector, deploying reservation-themed lures with content relevant to the victim organization such as hotel room bookings.
These emails contain either malicious links or attachments designed to covertly install malware, which will then enable reconnaissance, data theft and the download of additional payloads, the report explained.
Among the multiple malware types used by the group are Loda RAT, Vjw0rm, Revenge RAT and AsyncRAT.
TA558 uses its own infrastructure most of the time, although Proofpoint has seen it leverage compromised hotel websites to host malicious payloads in a bid to fly under the radar of security monitoring tools.