Recent password-sniffing hack targets hotel Wi-Fi in Europe – CNET

Aaron Robinson/CNET

Yet another reminder about the dangers of using public Wi-Fi, security consulting firm FireEye reports that it’s uncovered a phishing-based cyberattack aimed at people staying at hotels in Europe and the Middle East. 

The attack uses a combination of an old standby — an infected document — and the latest tools, including Wi-Fi sniffing and the Microsoft SMB exploit EternalBlue (made famous by WannaCry). According to FireEye, Russian-based APT28 hackers have deployed attempts to collect passwords sent over the network. That’s one of the groups associated with the DNC attack during the 2016 US election cycle. However, FireEye as yet hasn’t found any examples of stolen credentials in the locations where it says this specific attack has occurred.

Basically, when a user opens the infected document it runs a macro that deploys code which infiltrates the hotel’s network, spreading across networks via EternalBlue and spoofing user-requested pages to collect usernames and passwords. 

It’s more complicated than that, of course, but you can get more detail from our sister size ZDNET’s coverage, and yet more detail from the FireEye report.

Leave a Reply

Your email address will not be published. Required fields are marked *