SteganoAmor: TA558’s image-hidden malware targets oil, gas & maritime

Attackers are literally writing love letters to your SOC—then hiding RATs in the roses. 🥀🖼️

TA558’s “SteganoAmor” hides payloads inside images to drop AgentTesla/Remcos/LokiBot, while riding compromised SMTP/FTP for C2 and phishing. Oil, gas, and maritime are squarely in scope, with recent activity tied to traders and operators.

Tooling overlaps (Aggah, Blind Eagle) muddy attribution and help scale the spam→loader→infostealer treadmill. Patch the Office antiques (yes, CVE-2017-11882 still shows up), add steganalysis to the mail pipeline, and kill server egress for SMTP/FTP by default.
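As an added example (not from the AlphaHunt brief and not a claim about how SteganoAmor itself embeds data): one cheap steganalysis check a mail pipeline can run on image attachments is to parse the container and flag any bytes that sit after the format's end marker, which is where appended payloads commonly live. Sample images below are constructed inline; `png_end`, `jpeg_end` and `scan_image` are names chosen for this example.

```python
PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"

def png_end(data):
    """Walk PNG chunks; return offset just past IEND, or None if malformed."""
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length = int.from_bytes(data[pos:pos + 4], "big")
        ctype = data[pos + 4:pos + 8]
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if ctype == b"IEND":
            return pos
    return None

def jpeg_end(data):
    """Walk JPEG segments; return offset just past EOI, or None if malformed."""
    pos = len(JPEG_SOI)
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None  # lost marker sync
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte
            pos += 1
        elif marker == 0xD9:  # EOI
            return pos + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD8:  # standalone markers
            pos += 2
        else:
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")  # skip segment
            if marker == 0xDA:  # SOS: skip entropy-coded data to the next real marker
                while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] not in (0, *range(0xD0, 0xD8))):
                    pos += 1
    return None

def scan_image(data):
    """Return container kind, bytes after the end marker, and a triage flag."""
    if data.startswith(PNG_SIG):
        kind, end = "png", png_end(data)
    elif data.startswith(JPEG_SOI):
        kind, end = "jpeg", jpeg_end(data)
    else:
        return {"kind": "unknown", "trailing": None, "suspicious": False}
    if end is None:  # a malformed container also deserves a look
        return {"kind": kind, "trailing": None, "suspicious": True}
    return {"kind": kind, "trailing": len(data) - end, "suspicious": len(data) > end}

# Constructed samples (not campaign artifacts): minimal containers, with/without extra bytes.
CLEAN_PNG = PNG_SIG + b"\x00\x00\x00\x00IEND\xaeB`\x82"
CLEAN_JPEG = JPEG_SOI + b"\xff\xe0\x00\x04JF" + b"\xff\xda\x00\x02\x12\xff\x00\x34" + b"\xff\xd9"
APPENDED = b"<constructed base64-looking blob>"
```

A non-zero `trailing` count is a triage signal for the attachment, not proof of malware; legitimate files occasionally carry trailing junk, so route hits to sandboxing rather than auto-blocking.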

If you could fund one control this quarter, is it steganalysis in email… or blocking those legacy egress paths at the firewall?

Read the brief → https://blog.alphahunt.io/steganoamor-ta558s-image-hidden-malware-targets-oil-gas-maritime

Did you learn something new?