Microsoft has reported a wave of cyberattacks targeting the hospitality industry in Asia and Europe since April of this year. The malware is distributed in .zip files named according to a photo naming scheme, which contain shortcut files disguised as images. When a victim opens one of these files, it triggers an attack chain built on obfuscated PowerShell scripts that ends with the installation of a Node.js implant, which persists through the system registry and communicates with command-and-control (C2) servers over non-standard ports. The attackers sent phishing emails through legitimate services such as Calendly and Google’s URL redirector, which made them appear more credible. The emails were multilingual and used various lures related to guest complaints and room bookings to trick employees into opening malicious links and attachments. The second wave of attacks used more sophisticated techniques, including dynamically compiling .NET DLLs, and expanded the C2 infrastructure to domains hosted behind Cloudflare protection.
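A mail or download gateway can triage the delivery format described above (a .zip whose members are shortcut files posing as images) before a user opens it. The following is an added example, not code from Microsoft or the original report; the image extension list, the reason strings and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

# Shell Link header: HeaderSize 0x0000004C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 (MS-SHLLINK section 2.1).
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "webp", "heic"}  # assumed list

def classify_entry(name, head):
    """Return the reasons an archive member looks like a disguised shortcut."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext == "lnk":
        reasons.append("lnk extension")
        # Explorer always hides ".lnk", so "x.jpg.lnk" is displayed as "x.jpg".
        if len(parts) > 2 and parts[-2] in IMAGE_EXTS:
            reasons.append("image extension before .lnk")
    if head.startswith(LNK_MAGIC):
        reasons.append("shell-link header")
    return reasons

def scan_zip(data):
    """Map member name -> reasons for each suspicious member of a zip (bytes)."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            head = b""
            if not info.flag_bits & 0x1:  # encrypted members: judge by name only
                with zf.open(info) as fh:
                    head = fh.read(len(LNK_MAGIC))
            reasons = classify_entry(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample():
    """Constructed archive: one JPEG stub and two members with a shortcut header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IMG_0001.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32)
        zf.writestr("IMG_0002.jpg.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("photos/IMG_0003.png", LNK_MAGIC + b"\x00" * 56)
    return buf.getvalue()

if __name__ == "__main__":
    for member, why in scan_zip(build_sample()).items():
        print(member, "->", ", ".join(why))
```

The header check catches shortcut content regardless of the member's name, while the name checks still work on password-protected archives whose content cannot be read.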





