Deep into the evolution of the SteganoAmor campaign: how the TA558 attacked companies around the world
In our talk, we will cover the activities of the TA558 group, which we have been monitoring over
the past year. Originally targeting Latin America, the group has expanded its presence to other regions and is targeting a range of sectors including government, manufacturing, electricity, construction, transportation, information technology, education, financial, and pharmaceutical, among others.
The TA558 group uses compromised legitimate FTP and SMTP servers as infrastructure for C2 servers and to store stolen data, and compromised legitimate SMTP servers to send malicious emails. An important feature of the group’s activities is the use of steganography, where useful files are hidden within images and text files.
During the talk, we will demonstrate the evolution of the group’s attacks, as well as the most popular kill chains using different malware.
Our presentation will be based on information we have published previously, but will also include additional details, including attacks we have seen since our report was published: https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/steganoamor-campaign-ta558-mass-attacking-companies-and-public-institutions-all-around-the-world/
Aleksandr Badaev – Positive Technologies
Alexander is a threat intelligence specialist and his work includes OSINT, tracking APT, cybercrime groups and hacktivist activity. He also provides expertise in various formats, including indicator data for Positive Technologies products.
In 2023, he graduated from the Moscow Technical University of Communications and Informatics with a degree in “Infocommunication technologies and communication systems”.
Previously, he worked at Group IB as a Threat Intelligence Analyst in the Complex Threat Research Department (APT). He joined Positive Technologies in 2023 as a specialist of threat intelligence department, PT ESC.
Kseniia Naumova – Positive Technologies
Kseniia is a threat researcher at Positive Technologies, where she focuses on researching malware in the network, improving network traffic analysis tools, and searching for new approaches to detect network threats. She shares her research with other malware analysts on the X platform – https://x.com/naumovax. Kseniia also devoted time to exploring web-related threats, conducting osint research, and developing a system for countering and detecting social engineering attacks in her master’s degree in cybersecurity.
In 2022, she graduated from the National Research University «Moscow Power Engineering Institute» with a bachelor’s degree in computer system security. In 2024, she graduated from the National Research Nuclear University «Moscow Engineering Physics Institute» with a master’s degree in information security in financial monitoring. Her career started in 2020 researching web threats at Kaspersky Lab for two years before joining Positive Technologies in 2022.
Kseniia organized cybersecurity events for students at multiple educational programs. She’s been playing CTF with the team since 2018. Her international team participated in the 2022 and 2023 BlackHat MEA final CTF.