MOSCOW, Russia - According to a revelation made by networking security website, FireEye, Russian hackers can take over unsecured hotel WiFi hotspots and the malicious exploit may use leaked NSA tool, EternalBlue.
The website’s security team is said to have discovered a malicious document in several emails sent to "multiple companies in the hospitality industry, including hotels in at least seven European countries and one Middle Eastern country in early July."
The document contained a macro that reportedly installs GAMEFISH malware, which is associated with a politically-motivated Russian hacking group known as APT28 (or Fancy Bear).
According to the group, this is allegedly the same group that hacked the Democratic National Committee in months leading up to last year's U.S. Presidential election.
The tool used after the initial malware installation, EternalBlue, reportedly leaked from the NSA itself.
FireEye said in its report that the EternalBlue exploit could let hackers access anyone's computer connected to the hotel WiFi.
It then silently gathers usernames and passwords without victims even having to type them in.
FireEye's Ben Read was quoted as saying in a report in Wired, "It's definitely a new technique for this Russian hacker group. It's a much more passive way to collect on people. You can just sit there and intercept stuff from the WiFi traffic."
In light of the new details, the security group warns travellers to be aware of the threat when visiting hotels in other countries and to secure their systems.
Ben Read and Lindsay Smith in a blog post, "Publicly accessible WiFi networks present a significant threat and should be avoided whenever possible.”