Espionage software steals data from top executives
MANILA, Philippines - A spying software of an espionage campaign called "Darkhotel" has been stealing sensitive data from corporate executives for almost four years.
The espionage crew targets top executives, such as chief executive officers, senior vice presidents and sales and marketing directors, traveling abroad while staying in luxury hotels.
A report from the Global Research and Analysis Team of security software Kaspersky Lab revealed that the spying operations is done with "surgical precision" such that no traces are observed after stealing valuable data.
This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision," Kaspersky Lab Principal Security Researcher Kurt Baumgartner said.
The attackers wait for the target to connect to the hotel Wi-Fi network, submit his room number and surname upon login and then tricks the unsuspecting executive to to download the "welcome package" which is actually a backdoor or spying software.
HOW TO STAY AWAY FROM THE DARKHOTEL TRICKS
The backdoor will pretend to be an update for softwares such as Google Toolbar, Adobe Flash or Windows Messenger while it collects data, anti-malware software and cached passwords.
“The mix of both targeted and indiscriminate attacks is becoming more and more common in the APT scene, where targeted attacks are used to compromise high profile victims, and botnet-style operations are used for mass surveillance or performing other tasks such as DDoSing hostile parties or simply upgrading interesting victims to more sophisticated espionage tools,” Baumgartner said.
Kaspersky Lab discovered the inconsistency of Darkhotel's malicious activity and suggested measures to prevent being hacked.
"The attackers left a footprint in a string within their malicious code pointing to a Korean-speaking actor," the report said.
When traveling, individuals are encouraged to choose a virtual private network provider, always consider software updates as suspicious and make sure a proactive defense is installed in your computer rather that the basic antivirus protection.
