Security News > 2022 > August > Hackers target hotel and travel companies with fake reservations
A hacker tracked as TA558 has upped their activity this year, running phishing campaigns that target multiple hotels and firms in the hospitality and travel space.
The threat actor uses a set of 15 distinct malware families, usually remote access trojans, to gain access to the target systems, perform surveillance, steal key data, and eventually siphon money from customers.
One 2022 campaign used QuickBooks invoice lures instead of room reservations and dropped Revenge RAT exclusively.
Having compromised hotel systems with RAT malware, TA558 moves deeper into the network to steal customer data, stored credit card details, and modify the client-facing websites to divert reservation payments.
In July 2022, The Marino Boutique Hotel in Lisbon, Portugal, had its Booking.com account hacked, and the intruder stole €500,000 in four days from unsuspecting customers who paid to book a room.
While the involvement of TA558, in that case, wasn't proven, it matches the threat actor's TTPs and targeting scope and at least gives an example of how they could monetize their access to hotel systems.