Darkhotel Attackers Target CEOs

Hackers have developed a scheme to steal sensitive information from top executives by penetrating the Wi-Fi networks of luxury hotels, security researchers said Monday.

Dubbed the “Darkhotel APT,” the threat actors use three different malware distribution methods, including malicious Wi-Fi networks, booby-trapped P2P torrents, and highly customized spear phishing, Kaspersky Lab noted in a research paper.

Kaspersky said about 90 percent of the infections appear to be located in Japan, Taiwan, China, Russia and South Korea, but that the executives targeted include those traveling from the United States and other countries.

“The more interesting traveling targets include top executives from the US and Asia doing business and investment in the (Asia-Pacific) region.”

The attackers’ methods include the use of zero-day exploits to target executives in spear-phishing attacks as well as a kernel-mode keystroke logger to siphon data from victim machines. They also managed to crack weak digital signing keys to generate certificates for signing their malware, in order to make malicious files appear to be legitimate software.

“Obviously, we’re not dealing with an average actor,” says Raiu. “This is a top-class threat actor. Their ability to do the kernel-mode key logger is rare, the reverse engineering of the certificate, the leveraging of zero days—that puts them in a special category.”

These types of attacks were first recorded in 2007, but activity spiked in August 2010 and has continued through to this year, the research found. Executives from electronics makers, pharmaceutical companies and military organizations were among the targets.

The key-logging tool’s code is written in Korean, but Kaspersky said this did not necessarily mean the hackers were from Korea. It was also difficult at this stage in the investigation to tell if the attacks were state-backed, Raiu added.

The number of hotels that have been hit is also unknown. So far the researchers have found fewer than a dozen hotels with infection indicators. “Maybe there are some hotels that … used to be infected and we just cannot learn about that because there are no traces,” the network-management executive says.

The company worked with Kaspersky to scour all of the hotel servers it manages for any traces of malware and is “fairly confident that the malware doesn’t sit on any hotel server today.” But that is just one network-management company. Presumably, the DarkHotel operation is still active on other networks.

Ehacking Staff