This article is more than 1 year old

Feeling safe in your executive hotel suite, Mr CEO? Well, DON'T

Corporate bosses clobbered on luxury venue networks by 'Darkhotel'

Corporate bosses are coming under attack from a shadowy new group that spreads malware by hijacking the networks of luxury hotels.

Kaspersky Labs' Global Research & Analysis Team has issued a warning about an advanced persistent threat designed by a crew called Darkhotel, who target top execs as they relax in plush hotel rooms.

Darkhotel is an "unusually murky, long standing and well-resourced threat actor exhibiting a strange combination of characteristics", the Kaspersky team wrote.

The hackers spear-phish targets with "highly advanced" flash zero-day exploits capable of dodging the latest defences.

"The Darkhotel APT has maintained a capability to use hotel networks to follow and hit selected targets as they travel around the world," the researchers wrote.

"These travelers are often top executives from a variety of industries doing business and outsourcing in the APAC region. Targets have included CEOs, senior vice presidents, sales and marketing directors and top R&D staff. This hotel network intrusion set provides the attackers with precise global scale access to high value targets."

The attacks are thought to have begun in August 2010 and continued ever since, reaching fever pitch last year.

Some 90 per cent of the infections took place in Japan, Taiwan, China, Russia and South Korea.

The Darkhotel malware is capable of infecting peer-to-peer networks, meaning it can be shared between anyone whose computers are capable of connecting to each other. It can also "abuse weakly implemented digital certificates", allowing the crew to trick their way into systems.

Once a hotel's network is compromised, Darkhotel can effectively remove any evidence of its presence, neatly removing every trace and successfully dodging detection.

So far, the malware has been used to target a number of different industries including electronics firms, hedge funds, big pharma companies and defence organisations.

"Considering their well-resourced, advanced exploit development efforts and large, dynamic infrastructure, we expect more Darkhotel activity in the coming years," Kaspersky warned. ®

More about


Send us news

Other stories you might like