A cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering.
March 13, 2025 By Eduard Kovacs
A cybercrime group has been targeting organizations in the hospitality sector in attacks involving fake Booking.com emails and the use of a social engineering technique named ClickFix, Microsoft warned on Thursday.
The threat actor behind these attacks is tracked by Microsoft as Storm-1865. It has been seen targeting hospitality organizations in North America, Europe, Oceania, and South and Southeast Asia in a campaign that is likely ongoing.
The hackers’ goal is to deliver information-stealing malware that enables them to conduct financial fraud and theft.
The attack starts with a fake email purporting to come from Booking.com. These messages inform the recipient — people and organizations in the hospitality sector — about negative guest reviews, account verification, online promotion opportunities, and requests from prospective guests.