A hacking campaign that steals information from high-profile executives travelling through the APAC region has been revealed.
Dubbed ‘Darkhotel’ by Kaspersky, the attackers infiltrate luxury hotels' wi-fi to steal sensitive corporate data from travelling executives.
Targeted businesspeople connect to the hotel wi-fi and are prompted to download fake updates for programs such as Google Toolbar, Adobe Flash and Windows Messenger. Once the fake update is downloaded, the backdoor installs an advanced keylogger, an information-stealing module and the Trojan ‘Karba’.
After looking for private information, cached passwords and login credentials, the attackers delete these hacking tools to avoid suspicion.
A representative from Kaspersky said the attackers have “operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision”.
As well as targeting travelling executives from the US and Asia, Darkhotel malware can also be spread through P2P networks. It’s estimated that Darkhotel has been downloaded over 30,000 times in the last six months. The majority of these infections were identified in Japan, Taiwan, Russia, China and Hong Kong.
Kaspersky principal security researcher, Kurt Baumgartner, said these attacks are becoming more common: “Targeted attacks are used to compromise high profile victims, and botnet-style operations are used for mass surveillance or performing other tasks such as DDoSing hostile parties or simply upgrading interesting victims to more sophisticated espionage tools.”
To avoid attacks, Kaspersky recommends being cautious about software updates when travelling and choosing a virtual private network (VPN) provider.