Secret Message: Steganography Tricks of TA558 Group in Cyber Attacks on Enterprises in Russia and Belarus
Essential information
- Published: 30/07/2024 15:54
- Modified: 30/07/2024 16:31
- Tags: 2024-07-30, CVE-2017-11882, agent-tesla, belarus, malware, phishing, remcos, russia, social engineering, steganography
- Related entities: 1 vulnerability (CVE), 74 observables, 1 intrusion set (APT), 2 malware, 4 others
Description
F.A.C.C.T.'s Threat Intelligence analysts investigated numerous cyberattacks by the TA558 group against enterprises, government institutions and banks in Russia and Belarus. The attacks aimed to steal data and gain access to the targeted organizations' internal systems. TA558 used multi-stage phishing campaigns, malware distribution and advanced social engineering, including steganography to conceal malicious payloads inside images and encoded text files. The group sent its malicious emails through compromised legitimate SMTP servers and from email accounts created to impersonate legitimate organizations, delivering malware such as Agent Tesla and Remcos.
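The description mentions payloads hidden inside images and encoded text files. The script below is an added example for triaging such attachments; it is not code from the F.A.C.C.T. report or from any TA558 sample. It assumes the simplest and most common form of this trick, a payload appended after the image's last valid structure (PNG IEND chunk or JPEG EOI marker) or stored as a contiguous base64 run, and flags anything that decodes to a script or a PE. The sample images, the VBS stand-in and the indicator strings are all constructed here; pixel-level (LSB) embedding is out of scope for this check.

```python
"""Find payloads appended after an image's end marker or carried as base64 runs.

Added example for this report, not F.A.C.C.T.'s or TA558's code. Assumes the payload
sits after the last valid JPEG/PNG structure or is a contiguous base64 run.
"""
import base64
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"
BASE64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")
# Constructed indicators of a dropped script; tune to what you see in your own samples.
INDICATORS = (b"CreateObject", b"WScript", b"powershell", b"cmd.exe", b"<script", b"#!/")


def png_end(blob: bytes) -> int:
    """Offset just past IEND. Walk chunks so the text 'IEND' inside a payload cannot fool us."""
    pos = len(PNG_SIG)
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        pos += 12 + length  # length + type + data + CRC
        if ctype == b"IEND":
            return pos
    return -1


def jpeg_end(blob: bytes) -> int:
    """Offset just past EOI. Walk segments to SOS; FFD9 cannot occur inside entropy-coded data."""
    pos = 2
    while pos + 4 <= len(blob):
        if blob[pos] != 0xFF:
            return -1
        marker = blob[pos + 1]
        if marker == 0xDA:  # Start of Scan: the first FFD9 after it is the real end of image
            idx = blob.find(JPEG_EOI, pos + 2)
            return -1 if idx == -1 else idx + 2
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:  # stand-alone markers, no length
            pos += 2
            continue
        (seglen,) = struct.unpack(">H", blob[pos + 2:pos + 4])
        pos += 2 + seglen
    return -1


def image_end(blob: bytes) -> int:
    if blob.startswith(PNG_SIG):
        return png_end(blob)
    if blob.startswith(JPEG_SOI):
        return jpeg_end(blob)
    return -1


def find_hidden_payloads(blob: bytes) -> list:
    """Return decoded candidates that carry an indicator, with where each was found."""
    candidates = []
    end = image_end(blob)
    if end != -1 and end < len(blob):
        candidates.append(("trailing", blob[end:]))
    candidates += [("base64-run", run) for run in BASE64_RUN.findall(blob)]
    seen, hits = set(), []
    for source, raw in candidates:
        try:
            decoded = base64.b64decode(re.sub(rb"\s+", b"", raw), validate=True)
        except ValueError:
            # Trailing bytes that are not base64 may still be a raw payload: check them as-is.
            decoded = raw if source == "trailing" else None
        if not decoded or decoded in seen:
            continue
        seen.add(decoded)
        if decoded.startswith(b"MZ"):
            indicator = b"MZ"
        else:
            indicator = next((i for i in INDICATORS if i in decoded), None)
        if indicator:
            hits.append({"source": source, "indicator": indicator, "size": len(decoded)})
    return hits


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data) & 0xFFFFFFFF)


def make_png() -> bytes:
    """A valid 1x1 RGB PNG, constructed here as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")  # filter byte + one red pixel
    return PNG_SIG + png_chunk(b"IHDR", ihdr) + png_chunk(b"IDAT", idat) + png_chunk(b"IEND", b"")


def make_jpeg() -> bytes:
    """A structurally minimal JPEG (SOI, APP0, SOS, EOI), constructed here as sample input."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00" + b"\x12\x34"
    return JPEG_SOI + app0 + sos + JPEG_EOI


# Constructed, harmless stand-in for a dropped VBS stage; not a real TA558 payload.
SAMPLE_SCRIPT = b'Set sh = CreateObject("WScript.Shell")\r\nsh.Run "calc.exe"'
SAMPLE_B64 = base64.b64encode(SAMPLE_SCRIPT)

if __name__ == "__main__":
    for name, blob in (("clean.png", make_png()),
                       ("stego.png", make_png() + b"\n" + SAMPLE_B64),
                       ("stego.jpg", make_jpeg() + SAMPLE_B64),
                       ("encoded.txt", SAMPLE_B64)):
        print(name, find_hidden_payloads(blob))
```

Walking the container structure rather than searching for the end-marker bytes matters: a base64 blob can legitimately contain the letters "IEND", and EXIF thumbnails carry their own FFD9, so a naive `rfind`/`find` gives the wrong boundary on exactly the files an attacker crafts. Run it over mail attachments before detonation; a hit on a "picture" is a strong reason to pull the decoded bytes into a sandbox.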