Researchers at security firm FireEye said that probably behind a campaign targeting hotel guests in eight mostly European countries last month, was a cyber-spying group with suspected links to Russian military intelligence.
FireEye said in a report that in order then to infect their organizational networks back home, using hotel wi-fi networks, the espionage group, dubbed APT 28, sought to steal password credentials from Western government and business travelers.
It said that staying in several hotel chains in at least seven countries in Europe and one in the Middle East, the wave of attacks during the first week of July targeted travelers.
Including Hillary Clinton's unsuccessful White House bid last year, the allegations that Russia is engaged in far-flung hacking activity aimed at governments, businesses and election campaigns were given body by these preliminary findings.
APT 28 has been linked to the GRU, Russia's military intelligence directorate by several governments and security research firms. While stopping short of linking APT 28 to the Russian state, other researchers have tracked the same pattern of attacks.
Moscow vehemently denies the accusations.
Clearly pointing to APT 28, whose vast scope of activities his firm has detailed since 2014, are the technical exploits and remote chain of command used to mount the attacks, said Benjamin Read, manager of cyber espionage analysis for U.S.-based FireEye.
"We are moderately confident in our assessment," Read told Reuters, saying this was because the technical inquiry was still in its early days. "We just don't have the smoking gun yet."
The latest attempts were identified and thwarted in the initial infiltration stage. But the computer of a U.S. government employee was breached in the autumn of 2016 at hotels in Europe by the use of similar methods.
As infected hotel reservation document was installed GAMEFISH malware run remotely from internet sites known to be controlled by APT 28 after hotel employees were tricked to download spear-phishing emails in the July attacks, FireEye found.
Cyber spies could sniff unencrypted data being transmitted to shared network drives in the up-market, business-class hotels of major cities and grab passwords of targeted victims by this foothold which gave the cyber spies control over guest wi-fi networks.
"We did not observe any guest credentials being stolen. However there were multiple hotel chains targeted and we don't know the full extent of the operation," Read said.
Hackers were given a highly sophisticated way to move silently inside organizations' networks once they infect even a single machine in the July attacks as the hackers took advantage of a recently leaked piece of malicious software known as EternalBlue, believed to have been stolen from the U.S. National Security Agency.
The NotPetya attack against Ukraine in June, which fanned out globally to hit dozens of major firms and the worldwide spread of WannaCry ransomware in May were fueled by EternalBlue.
(Source:www.reutrs.com)
FireEye said in a report that in order then to infect their organizational networks back home, using hotel wi-fi networks, the espionage group, dubbed APT 28, sought to steal password credentials from Western government and business travelers.
It said that staying in several hotel chains in at least seven countries in Europe and one in the Middle East, the wave of attacks during the first week of July targeted travelers.
Including Hillary Clinton's unsuccessful White House bid last year, the allegations that Russia is engaged in far-flung hacking activity aimed at governments, businesses and election campaigns were given body by these preliminary findings.
APT 28 has been linked to the GRU, Russia's military intelligence directorate by several governments and security research firms. While stopping short of linking APT 28 to the Russian state, other researchers have tracked the same pattern of attacks.
Moscow vehemently denies the accusations.
Clearly pointing to APT 28, whose vast scope of activities his firm has detailed since 2014, are the technical exploits and remote chain of command used to mount the attacks, said Benjamin Read, manager of cyber espionage analysis for U.S.-based FireEye.
"We are moderately confident in our assessment," Read told Reuters, saying this was because the technical inquiry was still in its early days. "We just don't have the smoking gun yet."
The latest attempts were identified and thwarted in the initial infiltration stage. But the computer of a U.S. government employee was breached in the autumn of 2016 at hotels in Europe by the use of similar methods.
As infected hotel reservation document was installed GAMEFISH malware run remotely from internet sites known to be controlled by APT 28 after hotel employees were tricked to download spear-phishing emails in the July attacks, FireEye found.
Cyber spies could sniff unencrypted data being transmitted to shared network drives in the up-market, business-class hotels of major cities and grab passwords of targeted victims by this foothold which gave the cyber spies control over guest wi-fi networks.
"We did not observe any guest credentials being stolen. However there were multiple hotel chains targeted and we don't know the full extent of the operation," Read said.
Hackers were given a highly sophisticated way to move silently inside organizations' networks once they infect even a single machine in the July attacks as the hackers took advantage of a recently leaked piece of malicious software known as EternalBlue, believed to have been stolen from the U.S. National Security Agency.
The NotPetya attack against Ukraine in June, which fanned out globally to hit dozens of major firms and the worldwide spread of WannaCry ransomware in May were fueled by EternalBlue.
(Source:www.reutrs.com)
