Secret Message: Steganography Tricks of TA558 Group in Cyber Attacks on Enterprises in Russia and Belarus
released on 2024-07-30 @ 03:54:14 PM
F.A.C.C.T.'s Threat Intelligence analysts have investigated numerous cyberattacks by the TA558 group targeting enterprises, government institutions, and banks in Russia and Belarus. The attacks aimed to steal data and gain access to the victim organizations' internal systems. TA558 combined multi-stage phishing campaigns, malware distribution, and advanced social engineering techniques with steganography, concealing malicious payloads within images and encoded text files. To distribute malicious emails carrying malware such as Agent Tesla and Remcos, the group used compromised legitimate SMTP servers and created email accounts masquerading as legitimate organizations.