
Phishers Gain Persistence at EU, Asia Hospitality Orgs

Why This Matters

This ongoing phishing campaign targeting hospitality organizations highlights the increasing sophistication of cyber threats aimed at critical service sectors. It underscores the need for enhanced security measures and employee awareness to prevent long-term system compromises and data breaches in the industry.

Key Takeaways

Attackers have been targeting hotels and other hospitality organizations with a phishing campaign that uses malicious zip files purporting to include guest photos, with the aim of installing malware to achieve long-term access to compromised systems.

Researchers at both Microsoft and Trend Micro have observed the malicious activity, though they did not confirm whether it was connected, according to separate reports published recently. Neither company immediately responded to a request for comment by Dark Reading about a potential link between the activities they described.

Attackers in both campaigns use similar social engineering tactics to target the hospitality sector, impersonating guests who have complaints or requests and ultimately installing malware to gain a foothold on systems. Both also rely on operational workflows familiar in a hospitality environment, where front-desk staff and reservation teams field inquiries from guests, the researchers said. And both sets of activity exploit trusted services to lend legitimacy to phishing emails, and ultimately deliver malware through zip archives containing Windows shortcut files disguised as images. This technique in particular has become increasingly popular among phishing attackers as Microsoft has restricted macro-based malware delivery.
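As an added illustration of the delivery technique described above (not code from Microsoft, Trend Micro, or this article), the following Python check flags Windows shortcut files hidden among image names in a zip attachment, by name and by the Shell Link file header. The double-extension pattern (`.jpg.lnk`), the image-extension list, and the sample archive are assumptions constructed for the example; the reports as summarized here do not give file names.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the fixed LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".webp", ".heic"}  # assumed list

def find_disguised_shortcuts(zip_bytes):
    """Return [(entry_name, reason)] for shortcut files inside a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            try:
                with zf.open(info) as fh:
                    head = fh.read(len(LNK_MAGIC))
            except RuntimeError:
                head = b""  # encrypted entry: fall back to name-based checks only
            is_lnk_name = bool(suffixes) and suffixes[-1] == ".lnk"
            is_lnk_data = head == LNK_MAGIC
            if is_lnk_name and len(suffixes) >= 2 and suffixes[-2] in IMAGE_EXTS:
                findings.append((info.filename, "image name with hidden .lnk extension"))
            elif is_lnk_data and suffixes and suffixes[-1] in IMAGE_EXTS:
                findings.append((info.filename, "image extension but shortcut header"))
            elif is_lnk_name or is_lnk_data:
                findings.append((info.filename, "shortcut file in archive"))
    return findings

def build_sample_zip():
    """Constructed sample: one fake image plus inert stubs carrying only the LNK header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos/room_101.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("photos/guest_photo.jpg.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("photos/receipt.png", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("notes.lnk", LNK_MAGIC + b"\x00" * 56)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in find_disguised_shortcuts(build_sample_zip()):
        print(f"{name}: {reason}")
```

Windows hides the `.lnk` extension in Explorer even when "show file extensions" is enabled, which is why the check inspects the archive entry name and header rather than relying on what a recipient would see.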


Perhaps most notably, rather than deploy ransomware or reap some immediate financial reward, as many phishing attacks do, both reports also describe the operators looking to establish reliable remote access to compromised systems. This is likely so they can return later to steal credentials, move laterally, or deploy additional payloads, the researchers noted.

A Tale of Two Cyber Campaigns

Microsoft has been tracking the intrusion campaign targeting hotels and other hospitality organizations across Europe and Asia, activity that the researchers said began in at least April. Trend Micro, meanwhile, has followed similar activity that occurred in May against Booking.com partner companies, specifically in Japan.

According to Microsoft's account, attackers sent phishing emails with themes such as guest complaints, bedbug reports, health inspections, and reservation issues. The messages often abused legitimate services, including Calendly's email notification system and Google's URL redirection service, "to bypass conventional authentication checks through a technique we describe as authentication laundering," according to the post.

"By routing phishing messages through a trusted service’s sending infrastructure, the threat actor can make malicious messages appear similar to legitimate notifications to email authentication defenses," the Microsoft researchers wrote.

