Russian hackers from APT28 accused of stealing personal data of European officials

Experts from FireEye tracked APT28 down through its M.O.

The American computer security company FireEye has accused the APT28 hacker group, also known as Fancy Bear, Sofacy, Pawnstorm, Sednit, and Strontium, of stealing details of visitors to European and Middle Eastern hotels; the hackers accessed their computers through the hotel WiFi.


The cyberattacks on the electronic devices of officials and businessmen, recorded in early July, are described in a report recently published by FireEye. In particular, the report concerns at least 7 countries in Europe and the Middle East.

According to the report, the APT28 group, which Reuters associates with Russian military intelligence, had tried to steal data from Western officials and businessmen to infect the computer systems of their organizations.

The activity of cyber-spies in the hotel sector is usually aimed at stealing information from guests, the document says. As proof, FireEye cites a series of attacks targeted at the hotel sector, which were conducted by APT28. In particular, the hackers would steal passwords from WiFi traffic and infect computers with NetBIOS viruses using the EternalBlue exploit for Windows for the purpose of identity theft. As a result, the hackers logged in with stolen user credentials only 12 hours after the victims connected to the hotels' WiFi through various devices.

The hacker group Fancy Bear, also known as Sofacy and APT28, has existed since 2004. The group is known for cyberattacks on state, information, and military structures of foreign countries, as well as on Russian oppositionists.

In particular, it is suspected of attacks on the Bundestag's servers and Angela Merkel's Christian Democratic Union party, French television channel TV5 Monde, information systems of the White House and NATO, as well as the World Anti-Doping Agency website and the network of the National Committee of the Democratic Party of the United States.
