FireEye has moderate confidence that a campaign targeting the hospitality sector is attributable to the Russian actor APT28. The campaign has compromised a number of hospitality companies with a malicious document. Given the spread of this malware, it is important that hospitality companies take proper precautions to keep this threat out.
If FireEye is to be believed, APT28 is using novel techniques involving the EternalBlue exploit and the open source tool Responder to spread laterally through networks and likely target travelers. Once inside the network of a hospitality company, APT28 sought out machines that controlled both guest and internal Wi-Fi networks.
Business and government personnel who are traveling, especially in a foreign country, often rely on systems to conduct business other than those at their home office, and may be unfamiliar with threats posed while abroad.
These incidents show a novel infection vector being used by APT28. The group is leveraging less secure hotel Wi-Fi networks to steal credentials and a NetBIOS Name Service poisoning utility to escalate privileges.
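The NetBIOS Name Service poisoning described above works because a rogue host on the same segment answers name queries that no legitimate host would answer. A standard defensive check is therefore to watch NBT-NS traffic for responses to names that were never queried, or to deliberately queried "canary" names that do not exist on the network. The following is an added example written for this article, not FireEye's or APT28's tooling: it builds constructed NBT-NS query and response packets (RFC 1002 first-level name encoding), parses them, and flags responders that answer a canary name or answer without a matching query. The host names, IP addresses and transaction IDs are all constructed sample values.

```python
import struct

# RFC 1002 NetBIOS Name Service packet layout:
#   header: NAME_TRN_ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (6 x uint16)
#   name:   0x20 length byte, 32 bytes first-level-encoded name, 0x00 terminator


def encode_nb_name(name: str, suffix: int = 0x00) -> bytes:
    """First-level encode: pad to 15 chars, append suffix byte, then split each
    byte into two nibbles and add ord('A') to each nibble."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    out = bytearray()
    for b in raw:
        out.append((b >> 4) + 0x41)
        out.append((b & 0x0F) + 0x41)
    return bytes([32]) + bytes(out) + b"\x00"


def decode_nb_name(buf: bytes, offset: int):
    """Decode an encoded name at offset; return (name, suffix, next_offset)."""
    if buf[offset] != 32:
        raise ValueError("unexpected NetBIOS label length")
    enc = buf[offset + 1: offset + 33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    end = offset + 33
    if buf[end] != 0:
        raise ValueError("missing name terminator")
    return raw[:15].decode("ascii").rstrip(" "), raw[15], end + 1


def build_query(trn_id: int, name: str) -> bytes:
    """Constructed NB name query (flags 0x0110: query, broadcast, recursion desired)."""
    header = struct.pack(">HHHHHH", trn_id, 0x0110, 1, 0, 0, 0)
    return header + encode_nb_name(name) + struct.pack(">HH", 0x0020, 0x0001)


def build_response(trn_id: int, name: str, ip: str) -> bytes:
    """Constructed positive name query response carrying one NB address record."""
    header = struct.pack(">HHHHHH", trn_id, 0x8500, 0, 1, 0, 0)
    rr = encode_nb_name(name) + struct.pack(">HHIH", 0x0020, 0x0001, 300000, 6)
    rdata = struct.pack(">H", 0x0000) + bytes(int(x) for x in ip.split("."))
    return header + rr + rdata


def parse_nbns(pkt: bytes) -> dict:
    """Parse the header, the first name, and (for responses) the answered address."""
    trn_id, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", pkt[:12])
    is_response = bool(flags & 0x8000)
    name, suffix, off = decode_nb_name(pkt, 12)
    rec = {"trn_id": trn_id, "response": is_response, "name": name,
           "suffix": suffix, "addr": None}
    if is_response and an >= 1:
        # skip RR type, class, TTL, RDLENGTH (10 bytes) and NB_FLAGS (2 bytes)
        addr = pkt[off + 12: off + 16]
        rec["addr"] = ".".join(str(b) for b in addr)
    return rec


def detect_poisoning(events, canary_names):
    """events: list of (source_ip, raw NBT-NS packet) in observed order.
    Flags a responder that answers a canary name (which no real host owns) or
    answers a (transaction id, name) pair that was never seen as a query."""
    outstanding = {}  # (trn_id, name) -> host that asked
    alerts = []
    for src, pkt in events:
        rec = parse_nbns(pkt)
        key = (rec["trn_id"], rec["name"])
        if not rec["response"]:
            outstanding[key] = src
            continue
        if rec["name"] in canary_names:
            alerts.append({"responder": src, "name": rec["name"],
                           "claimed": rec["addr"], "reason": "answered canary name"})
        elif key not in outstanding:
            alerts.append({"responder": src, "name": rec["name"],
                           "claimed": rec["addr"], "reason": "unsolicited response"})
    return alerts


def sample_events():
    """Constructed traffic: one legitimate exchange, one canary hit, one unsolicited reply."""
    return [
        ("10.0.0.5", build_query(0x1001, "FILESRV01")),
        ("10.0.0.20", build_response(0x1001, "FILESRV01", "10.0.0.20")),   # legitimate
        ("10.0.0.5", build_query(0x1002, "CANARY-HOST")),                  # canary probe
        ("10.0.0.99", build_response(0x1002, "CANARY-HOST", "10.0.0.99")),  # poisoner answers
        ("10.0.0.99", build_response(0x2000, "WPAD", "10.0.0.99")),         # nobody asked
    ]


if __name__ == "__main__":
    for alert in detect_poisoning(sample_events(), {"CANARY-HOST"}):
        print(alert)
```

In practice the events would come from a capture of UDP/137 on the guest and internal Wi-Fi segments, and the canary names would be issued periodically by a monitoring host; any answer to them identifies the poisoning machine by its source address. Disabling NBT-NS and LLMNR on managed endpoints removes the attack surface entirely, and the same detector still catches unmanaged or misconfigured hosts.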
Cyber attacks like this can damage the reputation of hotels and other players in this sector. They need to deploy the right security tools and adopt sound security practices to ward off such attacks.