Russian hackers unwelcome hotel guests
Russian hackers who infiltrated the computer systems of the Democratic National Committee in the US are now focusing on the wifi networks of European hotels to spy on guests in a ‘‘chilling’’ cyberoperation.
The state-sponsored Fancy Bear group infected the networks of luxury hotels in at least seven European countries and one Middle Eastern country last month, researchers say.
FireEye, the US cybersecurity company that discovered the attacks, said the hotels were in capital cities and belonged to international chains that diplomats, business leaders and wealthy travellers would use. None of the hotels known to have been a target was in the UK but all regularly host British guests.
According to FireEye, the hackers gained access to a first computer in each hotel’s network using a ‘‘phishing’’ email disguised as a form for employees to complete. Once the machine was compromised, the malware moved through the hotel’s network to infect other terminals and the hotel’s wifi – enabling the hackers to steal guests’ login credentials for email accounts and other programs.
Benjamin Read, of FireEye, said: ‘‘As a guest, once you’ve logged into the wifi, you don’t have to click on a link or do anything proactive to fall victim. We notified the hotels where we identified the threat and they have taken countermeasures to shut it down. However, we believe the group has targeted hotels where we don’t have those insights, so the threat remains elsewhere.’’
The attackers used malware known as Gamefish, which is considered a signature of Fancy Bear. To distribute the malware, the hackers used EternalBlue, a hacking tool, which was stolen from the US National Security Agency and leaked online by the Shadow Brokers group in April. The tool was used to distribute the WannaCry ransomware, which infected 300,000 computers in May.
The Fancy Bear group, otherwise APT28, is best known for its hacking of the Democratic National Committee, leading to the leak of thousands of emails that were damaging to Hillary Clinton’s presidential campaign. The group, which security experts say has ties to Russian military intelligence, has also infiltrated communications systems used by the Ukrainian military and the computers of the World AntiDoping Agency.
Read said: ‘‘The hacking tools and software are consistent with this group’s methods and the targeting is in line with its strategic interests. Business, government and military figures, who are travelling, especially in foreign countries, often rely on systems other than those at their home office, and they may be unfamiliar with threats posed while abroad.’’