Darkhotel
STATUS:
Active
TYPE:
Backdoor
DISCOVERY:
February 2014
TARGETED PLATFORMS:
Windows
FIRST KNOWN SAMPLE:
2007
NUMBER OF TARGETS:
3,001-5,000
TOP TARGETED COUNTRIES:
Over 90% of the targeting occurs in the top five countries: Japan, Taiwan, China, Russia and South Korea.
THE WAY OF PROPAGATION
Social engineering
Peer-to-peer sharing networks
PURPOSE/FUNCTIONS
Cyberespionage
Surveillance
SPECIAL FEATURES
Targeted attacks resulted in C-suite victims: CEOs, Sr. Vice Presidents, Sales and Marketing Directors and top R&D staff.
The gang uses both targeted attacks and botnet style operations.
Use of zero-day exploits targeting Internet Explorer and Adobe products.
Use of an advanced, low-level keylogger to steal confidential data.
Malicious code signed using stolen digital certificates.
A long-running campaign – Darkhotel has been operating for almost a decade.
TARGETS
Automotive
Business individuals
Defense industrial base
Investments
Intelligence agencies
Military
Non-governmental organizations
Private companies
Specific individuals
Law enforcement agencies
Pharmaceutical
Electronics manufacturing
ARTEFACTS/ATTRIBUTION
The attackers left a footprint in a string within their malicious code pointing to a Korean-speaking actor.