According to research by Palo Alto’s Unit 42, the most recent campaign by advanced persistent threat Cloaked Ursa (aka APT 20, Nobelium, or Cozy Bear), “demonstrate[s] sophistication and the ability to rapidly integrate popular cloud storage services to avoid detection.” Cloaked Ursa is believed to be affiliated with the Russian government.

Unit 42 found that

Last Friday (November 20, 2015), Starwood Hotels announced that it was hit with a payment card malware attack affecting 50 of its North American hotels.

The president of Starwood  Hotels Americas stated in a letter to customers dated Friday, “Based on the investigation, we discovered that the point of sale systems at certain Starwood Hotels