DarkHotel Attack Targets High-Profile Executives Staying at Luxury Hotels
Corporate executives traveling in Asia and staying in a hotel should be extremely careful the next time they want to use Internet and connect to a hotel’s Wi-Fi network, having in mind that they have not already been hacked during their stay.
Security research firm Kaspersky Lab has revealed, that the attackers have been active for approximately seven years now, executing accurate attacks against targeted guests at various luxury hotels in Asia, moreover infecting victims over P2P networks and with spear-phishing attacks.
The attacker group was named as DarkHotel. This group of attackers has been active since at least 2007, exploiting numerous highly sophisticated attack methods and pedestrian techniques to entrap victims, however the hotel hacks seem to be a new way of attacking high-value targets.
The most of the attacks, according to the report, are happening in China, Japan, Taiwan, South Korea and Russia, with top executives being from the USA and Asia among the targets of recent attacks.
No specific hotels are named where the attacks are happening, the hackers gain access to guests computers when they connect to a hotel’s wireless network.
Kaspersky Labs are providing a more detailed explanation on their report about how exactly the DarkHotel attack works.
The attackers wait till the victim connects to the hotel’s Wi-Fi network where he or she needs to submit a room number and surname at the log-in form. The attackers are waiting for this and instantly notice when this happens on the network compromised by them. The victims are then tricked to download and install a backdoor that is concealed in what looks like a legitimate software update, for example such as Adobe Flash, Google Toolbar or Windows Messenger. The unaware executive downloads and after installation infects his machine with a backdoor, spying software made by DarkHotel group.
That is it, according to the report, that is all the hackers need and from there on they can infect computers with Trojans, keyloggers and any other software made to steal passwords, monitor keystrokes and gather other private information. While usually corporate executives are the target of the attacks of DarkHotel, the aim here seems to be to steal delicate corporate information or gain access to corporate networks.
There are no traces left of the attack once the hack is over, all the marks of an attack are neatly removed and unaware victims go about their usual lives not having even a little clue that sensitive data about them and their corporations has been stolen. According to Kaspersky Labs, the hackers seem to never hit the same target twice.
Alongside these targeted attacks the hackers also spread the Darkhotel malware. These indiscriminate malware attacks mixed with targeted ones are becoming more and more popular. Targeted attack main purpose is to compromise high-profile victim and botnet-style operations are used for mass surveillance and other tasks.
It was not said on the report exactly what companies and executives have been targeted by DarkHotel group, it was only said that the victims scope a wide range of industries, starting from electronics manufacturers to pharmaceuticals to other non-governmental organizations. According to the Kaspersky report almost 90 percent of DarkHotel infections were located in China, Japan, Taiwan, South Korea and Russia, however the malicious software has also been located all over Europe and USA.
When staying in a hotel or just simply using a public Wi-Fi connection you should restrain from downloading updates or any other kind of software. It is also extremely crucial to use a VPN service while connected to these networks. NordVPN is more then prepared to provide a solid layer of protection for your connection while you are traveling and using hotel’s network or just simply connected to a public Wi-Fi network.