UPDATED 23:12 EDT / AUGUST 13 2017

Russian hackers use NSA exploits to target high-profile hotel guests

The Russian hacking group believed to be involved in hacking attempts during the 2016 U.S. presidential election is now alleged to be using National Security Agency exploits to target “high-profile” hotel guests in Europe and the Middle East.

Security experts say the group, known as “Fancy Bear” or APT28, is using EternalBlue, the NSA exploit exposed in a dump by The Shadow Brokers in April and subsequently used by those behind the WannaCry hack in May. The campaign, detailed Friday by security firm FireEye Inc., targets Wi-Fi networks in hotels and uses EternalBlue to gain access to and steal data from high-profile targets such as government officials and businesspeople.

According to the research, the attackers first attempt to compromise hotels through a phishing campaign that uses a fake hotel reservation. When opened, the reservation runs Gamefish, a form of malware that gives the attackers a backdoor into the targeted network. Once inside, the attackers use the EternalBlue Windows SMB exploit to spread further malware to the computers that run the hotel's guest and internal Wi-Fi networks. Once in control of the Wi-Fi network, they look for their high-profile targets and intercept traffic from their computers, including usernames and passwords that can then be used to access their accounts.

Wi-Fi hacking is far from new: the method of intercepting traffic from Wi-Fi networks has been around nearly as long as the networks have been available. What makes this case interesting is that a Russian hacking group with alleged links to the Kremlin is now using NSA exploits as part of its kit to hack into networks. In essence, software designed with the use of U.S. taxpayer dollars is now being used by Russians to hack Americans.

“Travelers must be aware of the threats posed when traveling – especially to foreign countries – and take extra precautions to secure their systems and data,” FireEye concluded. “Publicly accessible Wi-Fi networks present a significant threat and should be avoided whenever possible.”
