The Russian hacking group APT28, also known as Fancy Bear, has been targeting guests through unsecure Wi-Fi at hotels, according to security company FireEye.

The activity is relatively new, dating back to at least last month, FireEye said. The firm found that Fancy Bear sent a malicious document in a spear phishing campaign to multiple hotels in at least seven European countries and one Middle Eastern country in early July.

Read: Free Wi-Fi Spots: People Can't Help Logging On, Even If It's Dangerous

The malicious document included a macro that installs Fancy Bear’s signature GAMEFISH malware. Fancy Bear is a Kremlin-linked group that is believed to have hacked the Democratic National Committee prior to the 2016 presidential election.

Read: Sextortion: Why Minors Isolate Themselves And Cave Into Perpetrator's Demands

FireEye said the group used the EternalBlue exploit to spread through hotel networks and target guests. Once the hackers were inside the hotel's network, the group attempted to find machines that controlled both guest and internal networks. When they got access to the machines, the group used the hacking tool Responder, which causes the victim to send the username and hashed password to the machine controlled by the hacker.

“To spread through the hospitality company’s network, APT28 used a version of the EternalBlue SMB exploit,” FireEye explained. “This was combined with the heavy use of py2exe to compile Python scripts. This is the first time we have seen APT28 incorporate this exploit into their intrusions.”

DarkHotel, another hacking group, has also targeted travelers in Asian hotels by using spoofed software updates on infected Wi-Fi networks. In Europe, the Duqu 2.0 malware was found on the Wi-Fi networks of hotels used by those who participated in the Iranian nuclear deal.

Hacking activity in the hospitality industry is focused on obtaining information on or from guests staying at the hotel. It’s worth noting that business and government personnel who travel abroad may be unfamiliar with risks that come with using public Wi-Fi.

“Travelers must be aware of the threats posed when traveling – especially to foreign countries – and take extra precautions to secure their systems and data,” FireEye said in the post. “Publicly accessible Wi-Fi networks present a significant threat and should be avoided whenever possible.”

A recent report by Symantec, based on responses from 15,500 people in 15 global markets, found more than half of consumers worldwide don’t think twice about hooking their device up to free public Wi-Fi, ignoring the risk of compromising personal data.

The report found 46 percent of respondents said they can’t wait more than a few minutes before logging into a network, or asking the owner of the hotspot for the password, whether if they’re at a cafe spot or at a friend’s house.

Wi-Fi is also important for those staying at hotels. The survey said 71 percent of consumers said access to free Wi-Fi is a deciding factor when booking a reservation.

RELATED STORIES
Malware Russia