Russian hackers use NSA exploits to target high-profile hotel guests
The Russian hacking group believed to be involved in hacking attempts during the 2016 U.S. presidential election is now alleged to be using National Security Agency exploits to target “high-profile” hotel guests in Europe and the Middle East.
Security experts say the group, known as “Fancy Bear” or APT28, is using EternalBlue, the NSA exploit exposed in a dump by The Shadow Brokers in April and subsequently used by those behind the WannaCry hack in May. The campaign, detailed Friday by security firm FireEye Inc., targets Wi-Fi networks in hotels and uses EternalBlue to gain access to and steal data from high-profile targets such as government officials and businesspeople.
According to the research, the attackers first attempt to compromise hotels through a phishing campaign that uses a fake hotel reservation. When opened, the reservation runs Gamefish, a form of malware that gives the attackers a backdoor into the targeted network. Once through the door, the hackers then spread further malware using the EternalBlue Windows SMB exploit to network computers running the guest and internal Wi-Fi network of the given hotel. Once in control of the Wi-Fi network, the hackers would then go looking for their high-profile targets and intercept traffic from their computers, including usernames and passwords that then can be used to access their accounts.
Wi-Fi hacking is far from new, since the method of intercepting traffic from Wi-Fi networks has been around nearly as long as the networks have been available. What makes this case interesting is that a Russian hacking group with alleged links to the Kremlin is now using NSA exploits as part of its kit to hack into networks – essentially software designed with the use of U.S. taxpayer dollars is now being used by Russians to hack Americans.
“Travelers must be aware of the threats posed when traveling – especially to foreign countries – and take extra precautions to secure their systems and data,” FireEye concluded. “Publicly accessible Wi-Fi networks present a significant threat and should be avoided whenever possible.”
Photo: Pexels
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU