November 10, 2014

Darkhotel APT: An Elite Spying Group Targeting Executives

Kaspersky Lab researchers have shared details of a new APT group, named “Darkhotel,” that has infiltrated many hotel networks over the years. The report indicates the Darkhotel crew has been active for at least four years. These hackers, Kaspersky notes, are extremely skilled, performing attacks with “surgical precision,” and never go after the same target twice. The hackers know what they want: they obtain all the valuable data during the first contact, delete all traces, disappear, and wait for the next prey.


Darkhotel maintains an undetected presence on a hotel’s network, even on systems thought to be safe and secure. When an executive logs in to the hotel’s Wi-Fi network, he is asked to provide his room number and last name. Once that is done, the attackers can see his presence on the network and the attack can begin. They first trick him into downloading a software update, such as an Adobe Flash Player plugin update or a Google update, that installs a backdoor on the victim’s computer.

The backdoor can then install a variety of other malware and tools needed to extract the target’s data. These tools can detect the type of antivirus and antimalware software installed on the system in order to circumvent it, record every keystroke, search for cached passwords in web browsers, and steal login credentials for email and social media, along with other private information. Although many of Darkhotel’s attacks are targeted, the group attacks indiscriminately as well.

“The mix of both targeted and indiscriminate attacks is becoming more and more common in the APT scene, where targeted attacks are used to compromise high profile victims, and botnet-style operations are used for mass surveillance or performing other tasks such as DDoSing hostile parties or simply upgrading interesting victims to more sophisticated espionage tools,” notes Kurt Baumgartner, the Principal Security Researcher at Kaspersky America.



About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
