Specially-designed “Darkhotel” APT uncovered by Kaspersky in hotels across the world
High-powered executives staying in luxury foreign hotels are being targeted by a new security threat which looks to spy on their devices, a report has revealed.
Following a four-year investigation, web security firm Kaspersky has revealed that the “Darkhotel” APT (Advanced Persistent Threat) is able to spy on the devices of business leaders, attacking them as they try to connect to a compromised hotel Wi-Fi network.
Upon connecting, the threat tricks the user into downloading a backdoor masquerading as a legitimate software update, which infects the device with Darkhotel.
This spying software then hunts through the victim’s cached passwords and login credentials and steals keystrokes entered on the device, with the aim of accessing the intellectual property of the business entities the user represents.
Darkhotel has already infected networks at luxury hotels around the world, meaning that thousands of users could have potentially been compromised and had their details stolen, with Kaspersky saying that travellers to the APAC (Asia-Pacific) region are particularly at risk.
The firm says that the highest volume of offensive activity on hotel networks started in August 2010 and continued through 2013, although it is also investigating some 2014 hotel network events. Many of the threats appear to have come from Japan, Taiwan, China, Russia and South Korea, although these countries are typically high distributors of malware.
The threat appears to be a highly-selective spear-phishing tool, as Kaspersky researchers visiting the infected hotels with so-called honeypot devices, designed to try and lure out attackers, remained unaffected.
Among the victims identified by Kaspersky were executives from the private equity, pharmaceutical and electronics manufacturing industries. Worryingly, however, the attackers were also able to infect figures from law enforcement, military services and non-governmental organisations.
Victims also often continued to be hacked after they had left the infected hotel, with the attackers keeping up their efforts as their targets travelled around the world.
“The mix of both targeted and indiscriminate attacks is becoming more and more common in the APT scene, where targeted attacks are used to compromise high profile victims, and botnet-style operations are used for mass surveillance or performing other tasks such as DDoSing hostile parties or simply upgrading interesting victims to more sophisticated espionage tools,” said Kurt Baumgartner, Principal Security Researcher at Kaspersky Labs.
APTs often go undetected by many users because of the complex methods hackers use to infect devices, which are often implemented covertly over long periods of time. For this reason, they are a perfect way for cybercriminals to attack large businesses or organisations such as government bodies.