Russian Hackers Allegedly Tracking Hotel WiFi Users

The GCHQ's National Cyber Security Centre Offers Warning.


According to a new report from UK intelligence agency GCHQ, cybercriminals and hackers are increasingly using methods for tracking hotel WiFi users. GCHQ has issued a strong warning to any UK individuals looking to go abroad.

The warning suggests that users should be very careful about what WiFi networks they connect to and what information they are sharing whilst on that network.

The GCHQ’s National Cyber Security Centre is responsible for the recent report on increased activity in individuals and organizations maliciously tracking hotel WiFi users whilst abroad. The organization suggests that everybody should be doubly cautious of all public WiFi hotspots – this includes hotel WiFi, cafe WiFi, and other hotspots available in airports and restaurants.

According to the National Cyber Security Centre, many of these public WiFi hotspots could have been infected with malware and could prevent a big risk to your personal data and bank log-in details.

GCHQ has pinpointed the increase in malicious attempts at tracking hotel WiFi users down to a group of Russian hackers known as APT28, or Fancy Bears. This same hacking team has also been responsible for leaking information about scandals within the soccer industry.

hotel wifi users 2

Their last news-worthy attack saw them leak drug test results for a number of professional soccer players and athletes.


With this team potentially responsible for a large network of infected open WiFi networks, GCHQ has warned everybody to increase their password security and set-up two-factor authentication for all of their services and programs so that hackers cannot brute force their way into infiltrated accounts.

Whilst all holidaymakers should be aware of their account security across all services, this particular hacking campaign seems to be focused on infiltrating email accounts. Thankfully, this attack isn’t focused on smartphone devices, so you wouldn’t need to worry about SMS tracking or data stolen from your mobile phone.


In a public statement, National Cyber Security Centre wrote;

“Fancy Bears have allegedly been seeking access to hotel Wi-Fi networks to install malware on guest devices connecting to targeted networks. According to researchers, the attackers may have been able to gain access to victims’ data, including emails, and to harvest online credentials.”

“The hacking campaign, which has been noted predominantly in mid-upmarket hotels in European capitals and the Middle East, could be targeting foreign government and business travelers. Travelers should be aware of their digital security when traveling overseas. Where possible, travelers are advised not to connect to insecure or untrusted Wi-Fi networks.”

hotel wifi users

The sudden increase of attacks was first spotted by cybersecurity firm FireEye. The researchers responsible for the discovery has mentioned that the hackers are using a high-tech WiFi exploit that was stolen directly from NSA. The exploit was dubbed Eternal Blue by the NSA and has been the cause of many large scale cyber attacks over the last two years. Attacks that used NSA’s Eternal Blue exploit include the WannaCry ransomware and the Petya.A attacks.

The exploit uses a infiltrated version of Window’s networking protocol to spread through systems rapidly. Fortunately, this huge exploit has since been fixed on the latest version of Windows 10, but you should be especially careful if you’re using older versions of Windows or if you’re using a public computer.

You might also like More from author

Leave A Reply

Your email address will not be published.