Russian hacking group now targeting hotel guests using insecure WiFi

According to a security company known as FireEye, Russian hacking group APT28, also known as Fancy Bear, has been targeting guests through insecure Wi-Fi at hotels.

The activity is relatively new, dating back to at least last month, FireEye said. The firm found that Fancy Bear sent a malicious document in a spear phishing campaign to multiple hotels in at least seven European countries and one Middle Eastern country in early July.

Read also: Chinese scientists beat others to create world’s fastest computer

The malicious document included a macro that installs Fancy Bear’s signature GAMEFISH malware. Fancy Bear is a Kremlin-linked group that is believed to have hacked the Democratic National Committee prior to the 2016 presidential election.

FireEye said the group used the EternalBlue exploit to spread through hotel networks and target guests. Once the hackers were inside the hotel’s network, the group attempted to find machines that controlled both guest and internal networks.

When they got access to the machines, the group used the hacking tool Responder, which causes the victim to send the username and hashed password to the machine controlled by the hacker.

 

RipplesNigeria ….without borders, without fears

 

Join the conversation

Opinions

Support Ripples Nigeria, hold up solutions journalism

Balanced, fearless journalism driven by data comes at huge financial costs.

As a media platform, we hold leadership accountable and will not trade the right to press freedom and free speech for a piece of cake.

If you like what we do, and are ready to uphold solutions journalism, kindly donate to the Ripples Nigeria cause.

Your support would help to ensure that citizens and institutions continue to have free access to credible and reliable information for societal development.

Donate Now