Researchers believe that a team of hackers that attacked the Democratic National Committee is now using leaked National Security Agency hacking tools.

Fancy Bear, who is associated with Russia's foreign intelligence agency, the GRU, appears to be using a now-patched Windows networking vulnerability nicknamed EternalBlue to distribute malware, according to a report from the security firm FireEye.

EternalBlue was one of several tools leaked by the ShadowBrokers group, who claim to have stolen their wares from the NSA. It was also a component of WannaCry and NotPetya, two rapidly spreading malware attacks that caused massive damage worldwide in the past few months.

ADVERTISEMENT

The Fancy Bear campaign using EternalBlue is targeting the hospitality industry in at least seven European countries and the Middle East, reports FireEye. Targets are sent a Microsoft Word document that installs malware only seen in Fancy Bear attacks and uses EternalBlue to install across entire networks.

FireEye says it is "moderately confident" Fancy Bear is behind the attacks.

Multiple nation-state groups are believed to target the hospitality industry as a vector to snoop on travelers that might use their services.