Russian hackers targeting Indian hospitality industry for user data

CIOL Writers

The Russian hacking group APT28, also known as Fancy Bear, is targeting the Indian hospitality industry to steal user data through unsecured Wi-Fi at hotels, according to a report from cyber-security company FireEye. APT28 has already attacked travelers in hotels throughout Europe and the Middle East in a hacking spree that dates back to July this year.

According to FireEye, the group used various hacking techniques such as "EternalBlue" and "Responder," sniffing passwords from Wi-Fi traffic. FireEye also claims to have found a malicious document named "Hotel_Reservation_Form.doc", sent in spear-phishing emails to multiple companies in the hospitality industry, including hotels in at least seven European countries and one Middle Eastern country.

"One of the most concerning aspects of this operation is the victims included hotel guests who didn't do anything wrong. They didn't click a malicious link or open an attachment they shouldn't have. They simply used the Internet over Wi-Fi in their hotels," Subhendu Sahu, Acting Country Manager for India, FireEye, told IANS.

"Indian organizations should have strong security controls in place to detect attackers who compromise traveling employees' systems and then follow them home like an unwanted souvenir," Sahu added.

According to FireEye, APT28, in an incident in 2016, gained initial access to a victim's network via credentials likely stolen from the hotel Wi-Fi network and hacked the victim's Outlook Web Access (OWA) account.

"Cyber espionage activity against the hospitality industry is typically focused on collecting information on or from hotel guests of interest rather than on the hotel industry itself, though actors may also collect information on the hotel as a means of facilitating operations," FireEye said.

The cyber-security firm adds that public Wi-Fi networks present a significant threat and should be avoided whenever possible.
