In mid-August 2017, a cyber espionage campaign against the hospitality sector across Europe and the Middle East was publicly attributed to the group known as Advanced Persistent Threat 28 (APT28).
Beginning in early July 2017, APT28 sent spear-phishing emails to targeted hotels carrying a document attachment with a malicious macro. When a recipient opened the document and enabled the macro, it installed the GAMEFISH malware, giving APT28 a foothold on the hotel’s guest and internal Wi-Fi networks and, through them, a way to reach travelers using those networks. No theft of guest credentials was reported in this campaign. In a separate incident in fall 2016, however, APT28 did gain access to an individual victim’s network using credentials that were most likely stolen while the victim was connected to a hotel Wi-Fi network.
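The initial access in this campaign depended on a macro-bearing Office attachment reaching a hotel employee’s inbox. The following is an added example (not code from the original article or from any vendor report) of the kind of byte-level triage a mail gateway can apply to attachments: it looks inside ZIP-based OOXML files for an embedded VBA project and applies a heuristic stream-name scan to legacy OLE2 (.doc/.xls) containers. The sample documents are constructed in memory so the script runs offline; the filenames and the ZIP/OLE layouts are illustrative assumptions, and the OLE check is a heuristic rather than a full compound-file parser.

```python
"""Attachment triage: flag Office documents that carry VBA macros.

Added example, not part of the original article. Verdicts are based on the
file bytes, never on the filename extension, because a renamed .docm is
indistinguishable from a .doc by name alone.
"""
import io
import zipfile

# Magic bytes for the two container formats Office uses.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy OLE2 compound file (.doc, .xls)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx, .docm, .xlsm, ...)

# OLE2 directory entries store stream names as UTF-16LE. A VBA project always
# carries a "_VBA_PROJECT" stream, so its presence is a strong macro indicator.
VBA_STREAM_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def ooxml_has_macros(data: bytes) -> bool:
    """OOXML: a macro-enabled document embeds vbaProject.bin and declares its content type."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            if "[Content_Types].xml" in names:
                return b"vnd.ms-office.vbaProject" in zf.read("[Content_Types].xml")
    except zipfile.BadZipFile:
        return False
    return False


def ole_has_macros(data: bytes) -> bool:
    """Legacy OLE2: heuristic scan for the VBA project stream name (UTF-16LE)."""
    return data.startswith(OLE_MAGIC) and VBA_STREAM_MARKER in data


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'macro', 'clean' or 'unknown' for one attachment body."""
    if data.startswith(ZIP_MAGIC):
        return "macro" if ooxml_has_macros(data) else "clean"
    if data.startswith(OLE_MAGIC):
        return "macro" if ole_has_macros(data) else "clean"
    return "unknown"   # not an Office container; hand off to other checks


# --- constructed sample inputs (assumptions, built in memory for the demo) ---

def build_ooxml(with_macro: bool) -> bytes:
    """Minimal OOXML-shaped ZIP; adds vbaProject.bin and its content type when asked."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        overrides = ['<Override PartName="/word/document.xml" '
                     'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>']
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            overrides.append('<Override PartName="/word/vbaProject.bin" '
                             'ContentType="application/vnd.ms-office.vbaProject"/>')
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
        zf.writestr("[Content_Types].xml", "<Types>" + "".join(overrides) + "</Types>")
    return buf.getvalue()


def build_ole(with_macro: bool) -> bytes:
    """Not a valid compound file, just enough bytes to exercise the OLE heuristic."""
    body = OLE_MAGIC + b"\x00" * 504                  # 512-byte header region
    if with_macro:
        body += VBA_STREAM_MARKER
    return body + "WordDocument".encode("utf-16-le")


def triage(attachments):
    """Classify a batch of (filename, bytes) pairs as a gateway would."""
    return [(name, classify_attachment(name, data)) for name, data in attachments]


if __name__ == "__main__":
    samples = [
        ("reservation_form.doc", build_ole(True)),     # constructed: macro in a legacy .doc
        ("invoice.docx", build_ooxml(False)),           # constructed: plain OOXML
        ("form.docm", build_ooxml(True)),               # constructed: OOXML with VBA project
        ("note.txt", b"hello"),
    ]
    for name, verdict in triage(samples):
        print(f"{name:24s} {verdict}")
```

In production the OLE heuristic should be replaced by a real compound-file parser (for example the oletools project), and a gateway policy that quarantines or strips any attachment classified as `macro` removes the initial-access step described above regardless of whether the recipient would have enabled the macro.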
Once inside, APT28 spread across the hotel networks in part by using EternalBlue, the NSA exploit for Windows SMB that the Shadow Brokers leaked earlier in 2017 and that Microsoft had already patched in March (MS17-010). The same exploit was subsequently used by the WannaCry ransomware in May and by the NotPetya attacks in June.
Who is APT28?
APT28, also known as Pawn Storm, Sofacy and Fancy Bear, is widely assessed to be sponsored by the Russian government. Security researchers credit the group with a string of sophisticated operations, including the suspected interference in the 2016 U.S. presidential election. The Fancy Bear moniker comes from CrowdStrike’s naming convention for the actors it tracks: "Bear" denotes a Russian group, and "Fancy" was derived from the Sofacy malware strings used to identify it.
The group’s usual targets are government, military and security organizations; the hospitality campaign was the first time it was publicly reported going after a different sector. Its aim is typically not to monetize stolen information but to use it as leverage against a government or another authoritative entity.
How Does This Affect You?
As more of people’s personal lives and information move online and attackers keep refining their techniques, the threat of a security breach is ever present.
The recent Equifax breach shows how vulnerable not only individuals but also major companies remain. Worse, even when security patches are available they are not always applied promptly, as was the case at Equifax, which was compromised through a web application flaw for which a patch had been available for about two months.