Hackers Spy on Hotel Guests and Target North Korean Organizations

Stockforlife/Shutterstock.com

It's never a dull week in ThreatWatch.

Welcome to ThreatWatch, Nextgov's weekly roundup of cyber incidents around the globe. 

Russia-linked Fancy Bear Tied to Hotel Spying

A security firm linked a recent wave of hacked hotel Wi-Fi networks to one of the groups suspected of breaching the Democratic National Committee during the 2016 presidential election, according to Wired.

The group, known as Fancy Bear or APT28, used tools allegedly stolen from the National Security Agency to conduct widespread surveillance on higher-end hotels that were likely to attract corporate or other high-value targets, the cybersecurity firm FireEye reported. FireEye has “moderate confidence” Fancy Bear was behind such a surveillance campaign in 2016, and others in recent months at hotels in Europe and one Middle Eastern capital. The campaign’s target, however, is unclear.

FireEye said the hackers used phishing emails to spread attachments infected with the alleged NSA exploit Eternal Blue. They eventually worked their way to corporate and guest Wi-Fi networks, where they could intercept guest information and collect credentials.

The Wired article suggested travelers should bring their own hotspots and avoid connecting to hotel networks.

Security Researchers: North Korea Hit with Malware Campaign

An unknown group has targeted North Korean organizations with malware that would allow repeated access to systems.

Security researchers say the latest campaign—after a July 3 intercontinental ballistic missile test—is at least the fifth attack in three years, Dark Reading reported. That campaign used a copy-pasted news article about the missile launch to trick recipients into launching the malware, the security firm Talos reported.

At first, the Konni malware used in the campaign only gathered information, but it later evolved to include the ability to remotely take control of some seized accounts, according to Talos and another security firm Cylance. The malware is capable of logging keystrokes, capturing screens and uses advanced techniques to avoid detection, the firms reported.

“The motivation behind these campaigns is uncertain, however it does appear to be geared towards espionage against targets who would be interested in North Korean affairs,” Cylance researchers said.