November 10, 2014 by

Darkhotel APT: An Elite Spying Group Targeting Executives

Kaspersky Lab researchers shared the news of a new APT group, named “Darkhotel,” that infiltrated many hotel networks over the years. The report indicates the Darkhotel crew was active for at least four years. These hackers, Kaspersky notes, are extremely skilled, performing attacks with “surgical precision.” Never going after the same target twice. The hackers know what they want, they obtain all the valuable data during the first contact, delete all traces, disappear, and wait for the next prey.


The Darkhotel maintains an undetected presence on a hotel’s network, even on systems thought to be safe and secure. When an executive logs in to the hotel’s wifi network, he is asked to provide the room number and the last name. Once that’s done, the attackers can see his presence on the network and the attack can begin. They first trick him into downloading a software update, such as Adobe Flash Player plugin update or a Google updates, that installed a backdoor on the victim’s computer.

The backdoor can now install a variety of other malware and tools needed for extraction of the target’s data. These tools can than detect the type of antivirus and antimalware software installed on the system to effectively circumvent them, record every keystroke, search for cached passwords in web browsers, and steal log in credentials for email and social media, along with other private information. Although many of Darkhotel’s attacks are targeted, they attack indiscriminately as well.

“The mix of both targeted and indiscriminate attacks is becoming more and more common in the APT scene, where targeted attacks are used to compromise high profile victims, and botnet-style operations are used for mass surveillance or performing other tasks such as DDoSing hostile parties or simply upgrading interesting victims to more sophisticated espionage tools,” notes Kurt Baumgartner, the Principal Security Researcher at Kaspersky America.

You can also watch a short video depicting the attack scenario:


About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Google Research: Phishing Poses the Greatest Cybersecurity Threat

A new study by Google has revealed insights to better explain how emails and other accounts are...

Read more arrow_forward

Iowa Student Arrested for Changing Grades Using Keylogger Malware

A former student at the University of Iowa has been arrested in his hometown of Denver after using...

Read more arrow_forward

Hackers Steal Compromising Photos from High-Profile Plastic Surgeon

Hackers have broken into a high-profile plastic surgeon in London to steal a cache of sensitive...

Read more arrow_forward