For criminal hackers, Brazilian hotel networks appear to be easy targets

The findings underscore Brazil’s longstanding struggles with cybercrime.
credit cards, payment cards, data breach
(Getty Images)

Cybercriminals have gone on a spree in Brazil’s hospitality industry, infecting the networks of hotels and tourism companies with malware that steals credit card data, according to researchers at Kaspersky.

All told, the hackers have struck hospitality organizations in eight states across Brazil, and 20 hotels in that country and others around the world, Kaspersky said last week.

Active since 2015, the hackers have stepped up their activity this year.  They are brazenly selling access to hotel networks they’ve breached to whoever is buying. 

Some Brazilian criminals tout the extracted credit card data “as high quality and reliable” because it came from a hotel administration system, the researchers wrote in a blog post.


The breaches often begin with spearphishing emails in fluent Portuguese to hotel employees. Once clicked, the emails open up malware capable of capturing data that flows downstream during the reservation process from popular sites like

The findings underscore Brazil’s longstanding struggles with cybercrime. Online forums in Brazil are teeming with offers of hacking tools and chatter about companies that make easy targets. The country’s cybercriminal gangs are highly organized, made up of cells focusing on software development and money laundering, threat-intelligence company Recorded Future has found.

But the hacking campaigns, which Kaspersky researchers attributed to two different criminal groups they call RevengeHotels and ProCC, have also reached countries from Thailand to Turkey. That global reach is a reminder of the challenges the hospitality industry faces in securing customer payment data that comes from a variety of sources. Criminal groups like FIN7, for example, are adept at homing in on payment card processors used in the industry.

“The use of spear-phishing emails, malicious documents and RAT malware is yielding significant results for at least two groups we have identified in this campaign,” Kaspersky analysts concluded, building on previous research from Palo Alto Networks.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts