Home / Early Warning / Cybersecurity Highlights / Darkhotel: APT for hotel guests

Darkhotel: APT for hotel guests

Kaspersky has published today a report on an APT, named Darkhotel, which would have been active since 2007. This "new" threat, mostly present in the Asia-Pacific region, has been used since then for obtaining privileged information from executives and high-profile employees hosted in high category hotels.
In order to get access to the systems of their victims, the attackers employed several techniques. Among them, it stands out the distribution of malware in the shape of signed updates (compromising certificates with weak cryptographic settings, or stealing them), the use of multiple 0day vulnerabilities and the use of p2p networks as mechanisms for malware distribution.