APT 28 Is Reportedly Behind European Hotel Wi-Fi Attack

APT 28, a cyber spying group suspected of being connected to military intelligence in Russia, was likely behind a cyberattack in July on hotel guests in countries mainly in Europe.

Researchers at FireEye, the security firm, said in a research report covered by Reuters that the Kremlin hackers were aiming to steal the password credentials of business travelers and Western government officials using Wi-Fi networks in hotels, mainly in eight countries in Europe. Some of the attacks also targeted travelers staying in one hotel in the Middle East, FireEye said.

FireEye said in July it discovered spear phishing emails designed to get hotel employees to download an infected hotel reservation document that would install GAMEFISH malware remotely from the internet via a website known to be operated by APT 28.

According to Reuters, the claim by FireEye is just the latest allegation that the Kremlin is taking part in hacking activities around the globe, targeting businesses, governments and elections, such as Hillary Clinton’s in the U.S. in 2016. Reuters noted that governments and security firms have already connected APT 28 with the GRU, the military intelligence directorate in Russia. Other researchers found similar patterns but stopped short of saying there was a connection. The government in Russia denied the cybersecurity breach allegations.

Benjamin Read, manager of cyber espionage analysis for U.S.-based FireEye, said the technical exploits and the chain of command used in the hotel Wi-Fi attacks lead to APT 28, which the cybersecurity firm has been tracking since 2014.

“We are moderately confident in our assessment,” Read told Reuters, saying this was because the technical inquiry was still in its early days. “We just don’t have the smoking gun yet.” While the latest hack was prevented from happening, the report noted that in the fall of last year, hackers targeted European hotels and were able to get into the computer of a government employee in the U.S.