Darkhotel

This well-rounded actor conducts its malicious activity around the globe, but mostly stays in the Asia region. They got their name from compromising hotel Wi-Fi systems, but have recently switched to the BitTorrent sector. They also go by the alias Tapaoux.

As stated above, Darkhotel is known for compromising hotel networks to target high-profile individuals.

Tools

Since there are many easy ways to compromise a hotel network, Darkhotel has a field day when it comes to choosing which tool to use. The options include using a keylogger, installing a strain of malware on the guest computer, placing a USB Rubber Ducky in the back of the printer, or connecting directly to the in-room routers.

Techniques

Keyloggers are mostly used for initial compromise, as hotels have computers that are accessible to the general public. If that yields nothing, a simple malware downloader can be installed to gather system information that supplements the recon stage of a hotel compromise.

Tactics

The main purpose of attacking hotels is to target any high-profile people who may stay or have stayed there. They were known to be responsible for the zero-day CVE-2010-0188, which used a redirect from Internet Explorer (which could easily be installed on a public computer). Lastly, once enough recon data has been collected on a target, they like to deliver spear-phishing attacks based around the target's compromised hotel data.

Targets

Mostly offshore automotive, chemical and cosmetic companies have been targeted. They are also thought to have recently gone after law enforcement and NGOs (non-governmental organizations). Most of these companies have been located in Japan, Taiwan, Korea, and China.