Dark hotel

  • First known sample

    2007
  • Discovery

    2014
  • Number of targets

    3000-10000
  • Current status

    Active
  • Type

    Backdoor
  • Targeted platforms

    Windows
  • Top targeted countries

    CIS, Japan, Russia, South Korea, Taiwan
  • The way of propagation

    Peer-to-peer sharing networks, Social engineering
  • Purpose/Functions

    Cyberespionage, Surveillance
  • Special features
    Targeted attacks resulted in C-suite victims: CEOs, Sr Vice Presidents, Sales and Marketing Directors and top R&D staff
  • Targets

    Automotive, Business individuals, Defense industrial base, Electronics manufacturing, Intelligence agencies, Investments, Law enforcement agencies, Military, Non-governmental organizations, Pharmaceutical, Private companies, Specific individuals
  • Artefacts/Attribution
    The attackers left a footprint in a string within their malicious code pointing to a Korean-speaking actor.
  • Description

    A well-resourced threat group that initially became known for its attacks against high-profile targets by infiltrating hotel networks. Their toolkit is diverse, and they have, in the past, infected victims’ computers using malicious updates, forged certificates, and spear-phishing. Their cyberespionage campaigns are targeted primarily at top executives from a variety of industries doing business and outsourcing in the APAC region. This is one of the longest-running actors, with activity dating back to 2007.