AI-Driven RevengeHotels Cyberattacks Put Global Hotel Industry at Risk
RevengeHotels relies heavily on phishing techniques, sending deceptive emails directly to hotel staff.

Country: South Africa
A new wave of sophisticated cyberattacks targeting hotels worldwide has been uncovered by Kaspersky’s Global Research and Analysis Team (GReAT), with findings showing that the criminal group RevengeHotels has adopted artificial intelligence (AI) to enhance its operations. The group, which has been active since 2015, is now deploying AI-generated code in its malware, making attacks harder to detect and more damaging to the hospitality sector.
Between June and August 2025, researchers tracked multiple intrusions attributed to RevengeHotels. The campaign primarily affected hotels in Brazil, but similar incidents have also been recorded in other regions. With South Africa and Kenya serving as major tourist destinations and Nigeria a hub for business travel, cybersecurity experts warn that African countries could face heightened risks if preventive measures are not enforced.
How the Attacks Unfold
RevengeHotels relies heavily on phishing techniques, sending deceptive emails directly to hotel staff. These emails often masquerade as legitimate reservation requests, customer inquiries, or even job applications.
Once a staff member opens an attachment or clicks on a link, the system is infected with VenomRAT, a remote access trojan (RAT) that gives cybercriminals control of hotel networks. From there, attackers can harvest guests’ payment card details, personal data, and other sensitive information.
According to Lisandro Ubiedo, cybersecurity expert at Kaspersky GReAT:
“Cybercriminals are increasingly using AI to create new tools and make their attacks more effective. This means that even familiar schemes, like phishing emails, are becoming harder to spot for a common user. For hotel guests, this translates into higher risks of card and personal data theft, even when you trust well-known hotels.”
Why AI Changes the Game
AI allows attackers to refine their phishing strategies, create convincing fake websites, and generate malicious code that adapts to existing security defenses. Unlike traditional phishing attempts, these AI-assisted schemes are polished, grammatically correct, and often tailored to industry-specific contexts, making them far more convincing.
This level of sophistication raises the stakes for hotel operators, who must now contend not only with standard cyber threats but with AI-enhanced attacks capable of bypassing traditional detection systems.
Risks for Africa’s Hospitality Industry
Hotels across Africa could become prime targets due to their reliance on digital booking systems and large volumes of sensitive customer data. Popular tourism hubs like Cape Town, Durban, Nairobi, and Mombasa, along with business centers such as Lagos and Abuja, are especially vulnerable.
An attack on hotel infrastructure does not only affect guests but can also disrupt online booking systems, payment processing, and customer trust—all vital for economies dependent on tourism and business travel.
Kaspersky’s Recommendations
To combat these emerging threats, Kaspersky advises hotels and businesses to adopt multi-layered cybersecurity strategies:
- Exercise caution with emails: Treat all links and attachments with suspicion, even if the sender appears familiar.
- Adopt advanced security solutions: Kaspersky recommends its Kaspersky Next product line, which integrates EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) tools for real-time protection, threat visibility, and incident response.
- Strengthen antispam filters: Fake emails mimicking banks, online stores, or booking platforms are increasingly common. Customised phishing campaigns may specifically target organisations with industry-specific language.
- Do not open unexpected files: Even if they come from official-looking emails, attachments could contain spyware, ransomware, or trojans.
- Educate employees: Frontline staff should be trained to identify phishing attempts and escalate suspicious emails before interacting with them.
Global Lessons for a Shared Threat
The RevengeHotels case demonstrates how cybercrime is evolving rapidly in an era of AI-driven tools. While hotels are the current focus, experts caution that the attack techniques could be replicated across other industries where customer data and financial information are highly valued.
For Africa, where tourism and hospitality are critical economic drivers, failure to address these vulnerabilities could undermine years of investment in the sector. Proactive collaboration between governments, hotel associations, and cybersecurity providers will be essential to safeguarding both customer trust and national economies.