Russian hackers use NSA exploits to target high-profile hotel guests
The Russian hacking group believed to be involved in hacking attempts during the 2016 U.S. presidential election is now alleged to be using National Security Agency exploits to target “high-profile” hotel guests in Europe and the Middle East.
Security experts say the group, known as “Fancy Bear” or APT28, is using EternalBlue, the NSA exploit exposed in a dump by The Shadow Brokers in April and subsequently used by those behind the WannaCry hack in May. The campaign, detailed Friday by security firm FireEye Inc., targets Wi-Fi networks in hotels and uses EternalBlue to gain access to and steal data from high-profile targets such as government officials and businesspeople.
According to the research, the attackers first attempt to compromise hotels through a phishing campaign that uses a fake hotel reservation. When opened, the reservation runs Gamefish, a form of malware that gives the attackers a backdoor into the targeted network. Once through the door, the hackers use the EternalBlue Windows SMB exploit to spread further malware to the networked computers that run the hotel's guest and internal Wi-Fi networks. Once in control of the Wi-Fi network, the hackers then go looking for their high-profile targets and intercept traffic from their computers, including usernames and passwords that can then be used to access their accounts.
Wi-Fi hacking is far from new: the method of intercepting traffic from Wi-Fi networks has been around nearly as long as the networks have been available. What makes this case interesting is that a Russian hacking group with alleged links to the Kremlin is now using NSA exploits as part of its kit to hack into networks. Essentially, software designed with the use of U.S. taxpayer dollars is now being used by Russians to hack Americans.
“Travelers must be aware of the threats posed when traveling – especially to foreign countries – and take extra precautions to secure their systems and data,” FireEye concluded. “Publicly accessible Wi-Fi networks present a significant threat and should be avoided whenever possible.”