Between June and August 2025, global cybersecurity and digital privacy company Kaspersky discovered a new wave of cyberattacks by a threat group called RevengeHotels, which targets hotels to gain access to guests’ payment information.
The group has been operating since 2015 and has since upgraded its methods. The threat actor is now using AI to make their attacks more effective and reach additional regions. Analysis shows that many of the new malicious programs used in these attacks contain code likely generated with AI, making them more sophisticated and harder to detect.
While hotels in Brazil have been the main target to date, such cyberattacks have also been reported in other countries around the globe.
How the attacks work
The threat actor sends phishing emails directly to hotel staff, often disguised as requests for reservation or job applications. Once a hotel employee interacts with these emails, malware called VenomRAT is installed on the hotel’s systems, giving attackers access to guests’ payment data and other sensitive information. The emails often look convincing, coming from legitimate-looking websites.
“Сybercriminals are increasingly using AI to create new tools and make their attacks more effective. This means that even familiar schemes, like phishing emails, are becoming harder to spot for a common user. For hotel guests, this translates into higher risks of card and personal data theft, even when you trust well-known hotels,” said Lisandro Ubiedo, expert at Kaspersky’s Global Research and Analysis Team.
To stay safe, Kaspersky recommends:
- Even if an email seems friendly, treat links and attachments with care. To protect your company, use solutions that provide real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organisations of any size and in any industry.
- Cybercriminals often distribute fake email messages mimicking email notifications from an online store or a bank, luring a user to click on a malicious link and distribute malware. If attackers are specifically targeting your organisation, the email text may be more customised, mimicking services or scenarios familiar to your company. With that in mind, fine-tune your anti-spam settings and never open attachments sent by an unknown sender.
- Try not to open unexpected files sent by you massively. They may be ransomware or even spyware, even attachments from official-looking emails.
Cyber attacks threatening travel
This report comes the same week as a large-scale cyber attack on Collins Aerospace, a key provider of airline check-in and boarding technology, threw passenger operations into chaos at several of Europe’s busiest airports.
The incidents underscore a growing cyber threat to the travel industry. French aerospace giant Thales recently reported a 600 per cent surge in airline and airport cyber attacks between 2024 and 2025, warning that every link in aviation’s digital chain – from navigation to ground systems – remains vulnerable. The July breach of Qantas customer data highlighted how hackers are increasingly targeting high-value travel networks.
