
Corporate guests at luxury hotels are the new favorites of cyber spies

Darkhotel is an elite cyber spying crew famous for infiltrating Wi-Fi networks in luxury hotels to compromise selected corporate executives

Soma Tah

BANGALORE, INDIA: “Darkhotel”, an elite spying crew famous for infiltrating Wi-Fi networks in luxury hotels to compromise selected corporate executives, has been using a zero-day vulnerability from Hacking Team’s collection since the beginning of July, Kaspersky Lab has found.


The development follows the public leak on July 5 of files belonging to Hacking Team, the company known for selling “legal spyware” to some governments and law enforcement agencies. Since the leak, a number of cyber espionage groups have started using the files for their own malicious purposes. This includes several exploits targeting Adobe Flash Player and Windows OS.

Kaspersky Lab estimates that over the past few years Darkhotel may have gone through half a dozen or more zero-days targeting Adobe Flash Player, apparently investing significant money in supplementing its arsenal.

In 2015, the Darkhotel group extended its geographical reach around the world while continuing to spearphish targets in North and South Korea, Russia, Japan, Bangladesh, Thailand, India, Mozambique and Germany.


In attacks dated 2014 and earlier, the group misused stolen code-signing certificates and employed unusual methods like compromising hotel Wi-Fi to place spying tools on targets’ systems.

In 2015, many of these techniques and activities have been maintained, but Kaspersky Lab has also uncovered new variants of malicious executable files, the ongoing use of stolen certificates, relentless spoofing social-engineering techniques and the deployment of Hacking Team’s zero-day vulnerability.

“Darkhotel seems to have burned through a pile of Flash zero-day and half-day exploits over the past few years, and it may have stockpiled more to perform precise attacks on high-level individuals globally. From previous attacks we know that Darkhotel spies on CEOs, senior vice presidents, sales and marketing directors and top R&D staff,” said Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab.

Since last year, the group has worked hard to enhance its defensive techniques, for example by expanding its anti-detection technology list. The 2015 version of the Darkhotel downloader is designed to identify anti-virus technologies from 27 vendors, with the intention of bypassing them.
