The cyberthreat landscape has been shaken once again as Microsoft Threat Intelligence researchers uncover a new cybercriminal group targeting the hospitality industry. Known as Storm-1865, this group has been actively spreading credential-stealing malware, causing significant havoc in the sector since late 2024. The attackers have devised a cunning tactic by creating a fake Booking.com page and sending deceptive messages to hotel managers regarding a non-existent review. Once the unsuspecting victims click on the provided link, they are redirected to a credential-harvesting site, putting their sensitive information at risk.
The impact of this ongoing attack has been felt across businesses in North America, Oceania, South Asia, and parts of Europe. The reputation of the Dutch-based startup, Booking.com, has taken a severe blow due to the malicious actions of Storm-1865. As authorities scramble to contain the damage and protect vulnerable businesses, the urgency to address cybersecurity threats in the hospitality sector has never been more critical.
In a separate cybersecurity development, the White House has confirmed that a cyberattack group named Volt Typhoon has intruded into at least 14 U.S. telecom networks since 2019. The revelation sheds light on the group’s activities, which involve transmitting sensitive data to foreign data centers. Adding to the concern is the discovery of Volt Typhoon’s presence within the network of a U.S. electric grid, where the group targeted the Littleton Electric Light and Water Departments in Massachusetts starting in November 2023.
The breach was eventually uncovered by an industrial security firm, Dragos, which brought the matter to public attention. Response teams managed to contain the incident by February 2025, but the full extent of the damage caused by Volt Typhoon is yet to be revealed. The incident serves as a stark reminder of the persistent and evolving threats faced by critical infrastructure sectors, and it calls for enhanced cybersecurity measures and swift response protocols to thwart malicious actors.
On the regulatory front, the U.S. Federal Communications Commission (FCC) has taken a proactive step by updating its cybersecurity guidelines for companies operating submarine internet cables. The new regulations, which revise rules established in 2001, mandate strict adherence to Cybersecurity Risk Management (CRM) standards for all applicants and licensees in the undersea cable sector. These guidelines emphasize the importance of maintaining the confidentiality, integrity, and availability of systems while proactively detecting and mitigating cyber threats.
Compliance with these cybersecurity requirements will now play a pivotal role in the renewal of cable operation licenses, with companies expected to uphold the highest standards of cybersecurity to safeguard critical infrastructure and data transmissions. The FCC’s decision reflects a growing recognition of the cybersecurity challenges faced by undersea cable operators and underscores the need for robust protective measures to fortify the resilience of vital communication networks.
As cybersecurity threats continue to evolve and intensify, industry stakeholders, regulatory bodies, and businesses must collaborate closely to strengthen their cybersecurity posture, mitigate risks, and combat malicious actors seeking to exploit vulnerabilities in critical infrastructure. The recent incidents underscore the importance of proactive cybersecurity measures and vigilant response strategies in guarding against the ever-evolving cyber threat landscape.