A group of hackers suspected of having links with Russian military intelligence may have been behind the crackdown on hotel guests in eight European countries, most of which last month were called APT 28, which sought to steal words, FireEye security and security researchers said on Friday. Traffic from Western business travelers and businessmen using Wi-Fi networks for hotels to infect their regulatory networks in their home countries.
The wave of attacks in the first week of July was aimed at travelers staying in several hotel chains in at least seven countries, mostly in Europe and one in the Middle East. The report is the latest report that Russia is involved in the Scale campaign targeting governments, businesses and election campaigns, including a failed attempt to break through last year's presidential candidate Hillary Clinton.
Many governments and security companies have linked APT 28 to the Russian military intelligence service (GRU). Other investigators have followed the same pattern of attacks, but have not linked APT 28 to the Russian state. Moscow strongly denies the charges.
"The technical work and the remote command line used in the attacks clearly point to the APT 28 group, which has expanded its activities since 2014, and we are fairly confident of our assessment because the technical investigation is still in," said Benjamin Reid, director of cyber espionage analysis at FireEye. His first days. "
The latest attempts were thwarted and thwarted at the initial infiltration stage, but similar methods were used in the fall of 2016 in European hotels. The group was able to penetrate a government employee's computer in the United States. The security company showed the use of phishing e-mails to deceive the hotel staff and urge it to download. A document with malicious GAMEFISH software in the July attacks.
The security company has made no mention of theft of any authorization card, but there are many target hotel chains, and it does not know the full extent of the spread of the operation. The July attacks used part of the recently leaked malware, known as EternalBlue, It was stolen from the US National Security Agency, giving hackers a very sophisticated way to silently move into organizations' networks once infected by a single device.
0 Comments