UPDATED 07:15 EDT / NOVEMBER 11 2014

Darkhotel: Hackers selectively target top execs via hotel Wi-Fi in Asia

In a report titled The Darkhotel APT: A Story of Unusual Hospitality, security research firm Kaspersky details how hackers have been targeting high-level executives using in-house Wi-Fi in hotels across Asia for some four years now.

According to the report, the hackers are highly selective when picking their victims and seem to track targets and strike when they sign into their hotel’s supposedly private and secure Wi-Fi network.

How do they do it?

Once the executives enter their room number and surname to access the hotel Wi-Fi, they are tricked into downloading what appear to be valid updates of popular and common software such as Google Toolbar, Windows Messenger, Adobe Flash and others.

According to Kaspersky, once the backdoor has been created on a system, it is used to download and install more advanced stealing tools such as a digitally-signed advanced keylogger, the Trojan ‘Karba’ and an information-stealing module. These tools are then used to track and record keystrokes and gather private information as well as cached passwords and user login credentials for a wide range of applications and services.

The attackers never seem to strike the same victim twice and delete their tools from the hotel network once they are done.

Who has been targeted?

A blog post on Securelist regarding the report states that “About 90 percent of the infections appear to be located in Japan, Taiwan, China, Russia and South Korea.” According to the report, infections since 2008 number in the thousands, with targets including executives from Asia and the US doing business in the APAC region, with a focus on CEOs, senior vice presidents, sales and marketing directors and top R&D staff. Industries affected by the attack range across electronics manufacturing, investment capital and private equity, pharmaceuticals, automotive, defense, law enforcement and military, and non-governmental organizations.

Who is behind it?

The report does not speculate or disclose who the perpetrator(s) might be, but in an interview, Kurt Baumgartner, principal security researcher at Kaspersky, said that “creating the malware would have required a well-financed, multiple-team effort by skilled hackers.”

How to protect yourself

Kaspersky says in the report that “We expect the Darkhotel crew to continue their activities against DIB, Government and NGO sectors.”

Kaspersky Lab offers the following tips to users to protect themselves:

  • Choose a Virtual Private Network (VPN) provider – you will get an encrypted communication channel when accessing public or semi-public Wi-Fi.
  • When traveling, always regard software updates as suspicious. Confirm that the proposed update installer is signed by the appropriate vendor.
  • Make sure your Internet security solution includes proactive defense against new threats rather than just basic antivirus protection.
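
The second tip can be checked on Windows before an installer is run. The PowerShell below is an added example, not taken from the Kaspersky report or from this article; the function name, the installer path and the publisher name are assumptions supplied by the reader. Because the report describes a digitally-signed keylogger, the check does not stop at "is it signed" but compares the signer against the vendor you expect.

```powershell
# Added example (not from the Kaspersky report). Function name, path and
# publisher name are hypothetical and supplied by the caller.
function Test-InstallerPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Exact subject name you expect on the signing certificate,
        # taken from a copy of the vendor's software you already trust.
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 'Valid' means the file is unchanged since signing and the certificate
    # chains to a root this machine trusts. Anything else is a failure.
    $signatureOk = ($sig.Status -eq 'Valid')

    # NotSigned files have no signer certificate at all.
    $signer = $null
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    # A valid signature only proves that someone signed the file.
    # Require an exact match on the publisher, not a substring match,
    # so look-alike names are rejected.
    $publisherOk = ($null -ne $signer) -and ($signer -eq $ExpectedPublisher)

    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Signer      = $signer
        Thumbprint  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        Trusted     = ($signatureOk -and $publisherOk)
    }
}

# Constructed usage: placeholder path and placeholder vendor name.
# Test-InstallerPublisher -Path 'C:\Users\me\Downloads\update.exe' -ExpectedPublisher 'Example Vendor Inc.'
```

If `Trusted` is false, do not run the file; fetch the update from the vendor's own site over a trusted connection instead.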

Kaspersky says they are continuing their investigation and will publish updates as and when new information comes to light.