Hackers linked to Russian military intelligence were behind a cyber-espionage campaign targeting influential figures from the West, according to a report by security researchers.
Phishing emails sent to employees at high-class hotels were designed to allow the hackers to steal passwords and other information belonging to Western government and business travellers.
The campaign was detected by cybersecurity firm FireEye and saw the attackers gain access to the IT systems of numerous hotels across Europe and the Middle East.
Researchers believe the espionage group behind the attacks is linked to the Russian military intelligence agency GRU.
The group is known colloquially as Fancy Bear, or in the more academic language of the report as Advanced Persistent Threat 28 (APT 28).
Moscow denies the group has any affiliation with the GRU.
The espionage campaign saw spear phishing emails sent which installed Fancy Bear’s signature malware GAMEFISH on victims’ systems when they clicked on a link or opened the attachment.
In several incidents the emails were successful in infecting a hotel’s systems, allowing the espionage group to control guest WiFi networks and steal guests’ passwords.
“We did not observe any guest credentials being stolen. However, there were multiple hotel chains targeted and we don’t know the full extent of the operation,” FireEye researcher Benjamin Read said.
