DarkHotel explained
Full name: Dark Hotel
Common name: DarkHotel
Technical name:
- Trojan:Win32/Tapaoux.[Letter] (Microsoft)
- Troj/Tapaoux-AD [1] (Sophos)
- Trojan.Tapaoux [2] (Symantec)
Aliases: Tapaoux
Type: APT
Origin: South Korea
DarkHotel (or Darkhotel) is a targeted spear-phishing spyware and malware-spreading campaign that appears to be selectively attacking business hotel visitors through the hotel's in-house WiFi network. It is characterized by Kaspersky Lab as an advanced persistent threat.[3] [4]
The attacks are specifically targeted at senior company executives,[5] using forged digital certificates, generated by factoring the underlying weak public keys of real certificates, to convince victims that prompted software downloads are valid.[6]
By uploading malicious code to hotel servers, attackers are able to target specific users who are guests at luxury hotels, primarily in Asia and the United States. Zetter (2014) explains that the group, dubbed DarkHotel or Tapaoux, has also been actively infecting users through spear-phishing and peer-to-peer networks since 2007 and using those attacks to load key logging and reverse engineering tools onto infected endpoints.[7] The attacks are aimed primarily at executives in investments and development, government agencies, defense industries, electronic manufacturers and energy policy makers.[8] Many victims have been located in Korea, China, Russia and Japan.[9]
Once attackers are in the victim's computer(s), sensitive information such as passwords and intellectual property is quickly stolen. The attackers then erase their tools in the hope of not being caught, so that the high-level victims do not reset all of the passwords for their accounts.[10]
In July 2017 Bitdefender published new research about Inexsmar,[11] another version of the DarkHotel malware, which was used to target political figures instead of business targets.
Notes and References
1. Detailed Analysis - Troj/Tapaoux-AD - Viruses and Spyware - Advanced Network Threat Protection | ATP from Targeted Malware Attacks and Persistent Threats | sophos.com - Threat Center. www.sophos.com. 2021-10-22. Archived 2021-08-17: https://web.archive.org/web/20210817023734/https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Tapaoux-AD/detailed-analysis.aspx
2. Trojan.Tapaoux. 2021-10-22. Archived 2019-12-14: https://web.archive.org/web/20191214004000/https://www.symantec.com/security-center/writeup/2011-111518-0144-99
3. The Darkhotel APT: A Story of Unusual Hospitality. Kaspersky Labs. November 10, 2014. Archived November 10, 2014: https://web.archive.org/web/20141110144145/https://securelist.com/blog/research/66779/the-darkhotel-apt/
4. Carly Page. Darkhotel malware is targeting travelling execs via hotel WiFi. The Inquirer. November 10, 2014. Archived November 10, 2014: https://web.archive.org/web/20141110141412/http://www.theinquirer.net/inquirer/news/2380394/darkhotel-malware-is-targeting-travelling-execs-via-hotel-wifi
5. Leo Kelion. DarkHotel hackers targets company bosses in hotel rooms. BBC News. 2014-11-11. 2021-10-22. Archived 2021-08-15: https://web.archive.org/web/20210815153337/https://www.bbc.co.uk/news/technology-30001424
6. Dan Goodin. "DarkHotel" uses bogus crypto certificates to snare Wi-Fi-connected execs. Ars Technica. 2014-11-10. 2017-06-14. Archived 2016-12-23: https://web.archive.org/web/20161223175456/http://arstechnica.com/security/2014/11/darkhotel-uses-bogus-crypto-certificates-to-snare-wi-fi-connected-execs/
7. Kim Zetter. DarkHotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests. Wired. 6 June 2017.
8. Eduard Kovacs. Darkhotel APT Uses Hacking Team Exploit to Target Specific Systems. Security Week. 12 June 2017. Archived 9 September 2017: https://web.archive.org/web/20170909141346/http://www.securityweek.com/darkhotel-apt-uses-hacking-team-exploit-target-specific-systems
9. 'DarkHotel' Hacks Target Business Travelers: Report. NBC News. 12 June 2017. Archived 12 March 2016: https://web.archive.org/web/20160312031109/http://www.nbcnews.com/tech/security/dark-hotel-hacks-target-business-travelers-report-n245266
10. DarkHotel- a spy campaign in Luxury hotels. Techplus Media Pvt. Ltd. IT Var News. 28 Nov 2014.
11. Inexsmar: An unusual DarkHotel campaign. Bitdefender Labs. 2021-10-22. Archived 2021-05-25: https://web.archive.org/web/20210525030514/https://labs.bitdefender.com/2017/07/inexsmar-an-unusual-darkhotel-campaign/