
They Didn't Hack Booking.com. They Weaponized It.

ID: 60b6f51e-47fd-5775-bd53-84ae01cc4c69

STIX ID: report--60b6f51e-47fd-5775-bd53-84ae01cc4c69

Feed Name: NoHackie

Threat Score: 80/100

Date Published: 2026-02-22

Date Updated: 2026-04-19


Executive summary: A persistent, multi-actor criminal fraud operation has been compromising Booking.com partner hotel accounts since at least December 2024. The actors use advanced social-engineering variants (ClickFix, FileFix) to deliver infostealers and RATs (notably PureRAT) via disposable infrastructure and TDS, then leverage legitimate extranet messaging to trick guests into paying fraudulent invoices. The report includes malware analysis, IOCs, underground market pricing for stolen accounts, observed C2 mechanisms (including Steam profile dead drops), and prioritized mitigations for hotels and guests.
