Russian Hackers Target Hotels Using WannaCry Exploit

A notorious group of Russian hackers is targeting hotel guests in Europe and the Middle East.

Researchers at security firm FireEye on Friday warned that hacking group APT28 is using a tool known to sniff user passwords from Wi-Fi traffic. They access hotel networks via spear phishing emails with attachments that might seem legitimate at first glance (Hotel_Reservation_Form.doc). But "successful execution of the macro within the malicious document results in the installation of APT28's signature Gamefish malware," FireEye says.

The malicious emails, which date back to at least July, have been sent to hotels in "at least seven European countries and one Middle Eastern country," FireEye writes in a blog post. APT28 (aka Fancy Bear) is linked to the Russian government and US election hacks.

The malware is spread via a version of the EternalBlue exploit. If that name sounds familiar, it's because it was the same one used in the recent WannaCry ransomware attacks. EternalBlue and other NSA hacking tools were leaked online last year by a group known as the Shadow Brokers, putting these powerful tools in the hands of anyone able to use them.


Once inside a network, the hackers seek out machines that control the hotel's guest and internal Wi-Fi networks. Upon gaining access to these machines, the hackers deploy other tactics to steal usernames and hashed passwords that give them greater access to the victim network.

"No guest credentials were observed being stolen at the compromised hotels; however, in a separate incident that occurred in Fall 2016, APT28 gained initial access to a victim's network via credentials likely stolen from a hotel Wi-Fi network," FireEye warned. In that case, the victim was compromised after connecting to a hotel Wi-Fi network.

"Travelers must be aware of the threats posed when traveling—especially to foreign countries—and take extra precautions to secure their systems and data," FireEye wrote. "Publicly accessible Wi-Fi networks present a significant threat and should be avoided whenever possible."
