According to researchers at FireEye, the cybercrime group APT 28 (also known as Fancy Bear) has been monitoring high-ranking people staying in hotels in Middle Eastern and European countries. Notably, the hackers, whom many experts link to Russian special services, used EternalBlue, a tool from the arsenal of the US National Security Agency, for this surveillance. EternalBlue was publicly released by the Shadow Brokers group in April of this year.
The attackers targeted unsuspecting users by compromising hotel Wi-Fi networks. To spread their control across those networks quickly, they used the EternalBlue exploit.
The attacks began with malicious phishing emails (similar emails were sent to hotel staff in at least seven countries in Europe and one country in the Middle East). The messages contained a document which, once opened, caused the system to download the Gamefish malware.
It is not known for certain who is behind the attacks, but this tool is often used by the APT 28 group, which led researchers to suspect its involvement in the incidents.
After installation, Gamefish received commands to find and infect the equipment that controls the internal and guest Wi-Fi networks, with the goal of mounting further attacks on specific users. To steal victims' credentials from the hotel wireless network, the hackers used a unique technique, not encountered until now, that allows them to steal logins and passwords without having to make the victim enter them.