

The Russian hacking group believed to be involved in hacking attempts during the 2016 U.S. presidential election is now alleged to be using National Security Agency exploits to target “high-profile” hotel guests in Europe and the Middle East.
Security experts say the group, known as “Fancy Bear” or APT28, is using EternalBlue, the NSA exploit exposed in a dump by The Shadow Brokers in April and subsequently used by those behind the WannaCry hack in May. The campaign, detailed Friday by security firm FireEye Inc., targets Wi-Fi networks in hotels and uses EternalBlue to gain access to and steal data from high-profile targets such as government officials and businesspeople.
According to the research, the attackers first attempt to compromise hotels through a phishing campaign that uses a fake hotel reservation. When opened, the reservation runs Gamefish, a form of malware that gives the attackers a backdoor into the targeted network. Once inside, the hackers use the EternalBlue Windows SMB exploit to spread further malware to the computers that run the hotel's guest and internal Wi-Fi networks. Once in control of the Wi-Fi network, the hackers then go looking for their high-profile targets and intercept traffic from their computers, including usernames and passwords that can then be used to access their accounts.
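For network defenders, the SMB spreading step described above is the part most visible in flow logs: one machine opening SMB sessions to many neighbours in a short time. The following detection sketch is an added example, not code from FireEye or the article; the log format, address range, threshold and window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed values, not from the article: guest range, threshold, window.
GUEST_NET = ip_network("10.20.0.0/16")
THRESHOLD = 4                      # distinct SMB peers before alerting
WINDOW = timedelta(minutes=5)

# Constructed flow records: "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2017-08-11T09:00:01 10.20.1.15 10.20.0.2 53
2017-08-11T09:00:05 10.20.1.15 10.20.0.10 445
2017-08-11T09:01:00 10.20.3.77 10.20.1.15 445
2017-08-11T09:01:02 10.20.3.77 10.20.1.16 445
2017-08-11T09:01:03 10.20.3.77 10.20.1.17 445
2017-08-11T09:01:05 10.20.3.77 10.20.1.18 445
2017-08-11T09:01:06 10.20.3.77 10.20.1.19 445
2017-08-11T09:10:00 10.20.4.9 10.20.2.1 445
2017-08-11T09:20:00 10.20.4.9 10.20.2.2 445
2017-08-11T09:30:00 10.20.4.9 10.20.2.3 445
2017-08-11T09:40:00 10.20.4.9 10.20.2.4 445
truncated-record 10.20.3.77
"""

def parse(text):
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(port)
        except ValueError:         # wrong field count or unparsable value
            continue

def smb_fanout(text, threshold=THRESHOLD, window=WINDOW):
    """Map each flagged guest source to its peak distinct-SMB-peer count."""
    recent = defaultdict(list)     # src -> [(time, dst)] still inside window
    flagged = {}
    for ts, src, dst, port in sorted(parse(text), key=lambda r: r[0]):
        if port != 445 or src not in GUEST_NET or dst not in GUEST_NET:
            continue
        recent[src] = [(t, d) for t, d in recent[src] if ts - t <= window]
        recent[src].append((ts, dst))
        peers = len({d for _, d in recent[src]})
        if peers >= threshold:
            flagged[str(src)] = max(peers, flagged.get(str(src), 0))
    return flagged

if __name__ == "__main__":
    print(smb_fanout(SAMPLE_FLOWS))
```

A host that touches the same number of peers slowly, like 10.20.4.9 in the sample, stays under the five-minute window, so the window and threshold need tuning against normal traffic on the network being monitored.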
Wi-Fi hacking is far from new: intercepting traffic from Wi-Fi networks has been possible nearly as long as the networks have been available. What makes this case interesting is that a Russian hacking group with alleged links to the Kremlin is now using NSA exploits as part of its kit to hack into networks. Essentially, software designed with the use of U.S. taxpayer dollars is now being used by Russians to hack Americans.
“Travelers must be aware of the threats posed when traveling – especially to foreign countries – and take extra precautions to secure their systems and data,” FireEye concluded. “Publicly accessible Wi-Fi networks present a significant threat and should be avoided whenever possible.”