Summary: A cybercrime group known as Storm-1865 is targeting the hospitality sector with phishing attacks using fake Booking.com emails and a social engineering method called ClickFix to deliver malware. The campaign, ongoing since 2023, aims to steal sensitive financial information from victims. Microsoft warns that these sophisticated tactics are evolving to bypass traditional security measures.
Affected: Hospitality organizations in North America, Europe, Oceania, South, and Southeast Asia
Keypoints:
- Storm-1865 uses fake emails regarding guest reviews, account verifications, and promotions to lure victims.
- The ClickFix technique tricks users into executing malicious commands on their systems.
- Malware executed can steal financial credentials, indicating the groupβs goal of conducting financial fraud.
Source: https://www.securityweek.com/microsoft-warns-of-hospitality-sector-attacks-involving-clickfix/