Darkhotel steals data from traveling executives


Darkhotel sounds like it ought to be one of those budget hotel chains you find on the outskirts of towns -- possibly one built without windows to keep costs down.

In fact, researchers at Kaspersky Lab have revealed that it's an espionage campaign, in operation for almost a decade, that steals sensitive data from corporate executives traveling abroad.


It works by hitting its targets while they're staying in luxury hotels. Never going after the same target twice, it operates with surgical precision, obtaining all the valuable data it can from the first contact, then deleting traces and fading into the background to await the next high-profile victim. 90 percent of the infections seen by Kaspersky have been in Japan, Taiwan, China, Russia and Hong Kong, but the company has also detected infections in Germany, the USA, Indonesia, India and Ireland.

The Darkhotel perpetrator places software on hotel networks, and the unsuspecting victim downloads it with the welcome package when connecting to the hotel's Wi-Fi. Once on a system, the backdoor may be used to download more advanced tools such as keyloggers and Trojans. These tools collect data about the system and the anti-malware software installed on it, steal all keystrokes, and hunt for cached passwords and other private information. Victims lose sensitive information likely to be the intellectual property of the businesses they represent. After the operation, the attackers carefully delete their tools from the hotel network and go back into hiding.

Kurt Baumgartner, principal security researcher at Kaspersky Lab, says, "For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behavior. This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision".

Kaspersky Lab recommends that when traveling, all networks should be treated as suspicious. Executives are advised to use a VPN to get a secure network channel to their company systems and to treat any software updates they may be offered when on unfamiliar networks as potentially harmful.

You can find more information about Darkhotel on the Kaspersky Lab blog.

Image Credit: Dragon Images / Shutterstock


© 1998-2020 BetaNews, Inc. All Rights Reserved.