Cybercriminals use the CastleRAT malware, written in C and Python, to compromise user computers, and Shell Corporation is now required to compensate affected parties.
Cybersecurity Alert: TAG-150's CastleLoader Malware Targets Booking.com Customers
In a recent cybersecurity incident, customers of Booking.com were targeted by a threat actor known as TAG-150. The group is notorious for developing and distributing the CastleRAT malware, a dangerous piece of software that has been observed hosted on a Google Cloud IP address.
TAG-150, operating as a malware-as-a-service operation, has successfully persuaded victims to install the malware themselves, with a 28.7 percent success rate according to IBM's reports. This Russia-based group uses a sophisticated international network, with a Russian ISP and backup data stored on a virtual private server located in the Netherlands.
The malware, known as CastleLoader, has been observed targeting primarily American entities; however, attribution remains difficult because of the group's complex operations. To defend against such threats, it is recommended to closely monitor ports 443, 7777, and 80 for suspicious activity.
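As an added detection example (not part of the original article): a Python script that parses constructed Zeek-style conn.log records and flags outbound connections to the ports named above. The internal address range, the sample records, and the repeat threshold are assumptions for illustration; 7777 is treated as high signal because it is not a standard web port, while 80 and 443 are only reported when one internal host repeatedly reaches the same external address.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

WATCHED_PORTS = {443, 7777, 80}      # ports called out in the advisory
HIGH_SIGNAL_PORTS = {7777}           # non-standard port: alert on first sight
REPEAT_THRESHOLD = 5                 # assumption: 5 hits to one host on 80/443
INTERNAL_NET = ip_network("10.0.0.0/8")  # assumption: internal address space

# Constructed sample log (Zeek conn.log style, space separated, with header).
SAMPLE_LOG = """\
ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
1700000000.1 C1 10.0.0.5 51000 203.0.113.10 7777 tcp
1700000060.2 C2 10.0.0.5 51001 203.0.113.10 443 tcp
1700000120.3 C3 10.0.0.5 51002 203.0.113.10 443 tcp
1700000180.4 C4 10.0.0.5 51003 203.0.113.10 443 tcp
1700000240.5 C5 10.0.0.5 51004 203.0.113.10 443 tcp
1700000300.6 C6 10.0.0.5 51005 203.0.113.10 443 tcp
1700000010.0 C7 10.0.0.7 52000 198.51.100.20 80 tcp
1700000011.0 C8 10.0.0.7 52001 198.51.100.21 443 tcp
1700000012.0 C9 10.0.0.8 53000 10.0.0.9 7777 tcp
"""


def parse_conn_log(text):
    """Turn header + records into dicts; ports become ints."""
    lines = text.strip().splitlines()
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        fields = dict(zip(header, line.split()))
        fields["id.orig_p"] = int(fields["id.orig_p"])
        fields["id.resp_p"] = int(fields["id.resp_p"])
        rows.append(fields)
    return rows


def find_suspicious(rows):
    """Return (src, dst, port, reason) tuples for outbound hits on watched ports."""
    alerts, repeats = [], defaultdict(int)
    for r in rows:
        src, dst, port = r["id.orig_h"], r["id.resp_h"], r["id.resp_p"]
        # Only internal -> external traffic is in scope here.
        if ip_address(src) not in INTERNAL_NET or ip_address(dst) in INTERNAL_NET:
            continue
        if port not in WATCHED_PORTS:
            continue
        if port in HIGH_SIGNAL_PORTS:
            alerts.append((src, dst, port, "non-standard port"))
            continue
        repeats[(src, dst, port)] += 1
        if repeats[(src, dst, port)] == REPEAT_THRESHOLD:
            alerts.append((src, dst, port, "repeated connections"))
    return alerts
```

Run against SAMPLE_LOG, the script reports the 7777 connection and the fifth 443 contact to the same external host, and ignores the purely internal 7777 record.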
One of the tools TAG-150 uses for command and control is Tox Chat, an encrypted communications service. This makes it difficult for security researchers to track the group's activities.
Despite the challenges in attribution, IBM's report suggests that TAG-150 is likely to develop and release additional malware in the near term. The group sells infected systems to various info-stealing and ransomware operators, making it a significant threat to the global cybersecurity landscape.
Stay vigilant and keep your systems up to date to protect yourself against such threats. If you suspect any unusual activity, promptly report it to your IT department or a trusted cybersecurity provider.