‘Darkhotel’ ring spying on execs travelling abroad

Top executives from North American and Asian companies doing business and investing in the Asia Pacific region are in the sights of a cybercrime ring hacking into hotel Internet networks to steal passwords and industrial secrets, according to security software maker Kaspersky Lab.

The company’s global research and analysis team said the so-called “Darkhotel” espionage gang has been operating for at least four years stealing sensitive data from corporate executives staying in luxury hotels while travelling abroad.

“For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behaviour,” according to Kurt Baumgartner, principal security researcher at Kaspersky Lab.

Over the years, the gang has been able to embed and maintain intrusion tools inside hotel networks, even those that have been considered private and secure. The crew goes after well-selected executives and never goes after the same target twice, according to the report.

Once a victim connects to the hotel’s Wi-Fi network and submits his room number and surname during login, the victim is tricked into downloading and installing a backdoor that is masked as an update for legitimate software such as Adobe Flash, Google Toolbar or Windows Messenger. The company warned that Darkhotel attacks are still evolving.

The “welcome package” is actually surveillance software that downloads other data collection tools such as key loggers, the Trojan Karba and an information stealing module. The tools track keystrokes and search for cached passwords in Chrome, Firefox, Gmail and Internet Explorer as well as login credentials for social networks like Facebook and Twitter.

Kaspersky said it has products that can detect and neutralize malicious programs and their variants used by the Darkhotel attackers.

In the course of its investigations, Kaspersky said its researchers uncovered a “footprint” left by the attackers in a string of malicious code that “pointed to a Korean-speaking actor.”

About 90 per cent of the infections appear to be located in China, Japan, Taiwan, Russia and South Korea. Infections have also been recorded in Hong Kong, the Philippines, Indonesia, Singapore, United Arab Emirates, the United States, Kazakhstan, Germany, Ireland, Serbia, Lebanon, Pakistan, Greece, Italy, Belgium and Mexico.

Kaspersky recommends that travellers should view any network, even those that are semi-private, as potentially dangerous.

To minimize the exposure, the company said travellers should:

  • Choose a Virtual Private Network (VPN) provider – such a network at least has an encrypted communication channel – when accessing public or semi-public Wi-Fi;
  • When travelling, always regard software updates as suspicious. Confirm that the proposed update installer is signed by the appropriate vendor;
  • Make sure your Internet security solution includes proactive defense against new threats rather than just basic antivirus protection.
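
One way to carry out the signature check recommended above on a Windows laptop, as an added example that is not part of the original article or Kaspersky's report. The function name `Test-InstallerSignature`, its parameters, and the file and publisher names in the usage line are hypothetical; the expected publisher is whatever name the real vendor signs with.

```powershell
# Added example (not from the article): verify an installer's Authenticode
# signature and signer name before running it.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: the caller knows the publisher name the vendor signs with.
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $result = [ordered]@{
        Path       = $Path
        Trusted    = $false
        Reason     = $null
        Signer     = $null
        Thumbprint = $null
        Sha256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }

    # NotSigned, HashMismatch, NotTrusted and every other non-Valid status fail.
    if ($sig.Status -ne 'Valid') {
        $result.Reason = "Signature status is $($sig.Status)"
        return [pscustomobject]$result
    }

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $result.Signer     = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    $result.Thumbprint = $sig.SignerCertificate.Thumbprint

    # Exact match, so a look-alike publisher name does not pass.
    if ($result.Signer -ne $ExpectedPublisher) {
        $result.Reason = "Signed by '$($result.Signer)', expected '$ExpectedPublisher'"
        return [pscustomobject]$result
    }

    $result.Trusted = $true
    $result.Reason  = 'Valid signature from expected publisher'
    [pscustomobject]$result
}

# Constructed usage; the file name and publisher are placeholders.
# Test-InstallerSignature -Path .\update_installer.exe -ExpectedPublisher 'Example Vendor, Inc.'
```

The returned SHA-256 value can be compared against a hash the vendor publishes, checked over a trusted connection rather than the hotel network.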

Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.
