The DarkHotel threat group is a South Korean threat actor that has targeted victims in East Asia since 2004. So why are they called DarkHotel? The name reflects the group's cyberattacks, which rely heavily on the free Wi-Fi connections in hotels. DarkHotel has used these connections to infect targeted executives and high-profile guests in order to compromise their systems and steal data. DarkHotel is also known as Tapaoux, the name of the trojan malware the group has used in several documented attacks.
DarkHotel has also moved on to targeting political figures through its luxury hotel connections.
Once those hotel networks are compromised, the group can attack high-profile executives, wealthy individuals, and political figures.
A recent DarkHotel phishing campaign breached the Wi-Fi networks of the Wynn Palace and the Grand Coloane Resort in Macao. DarkHotel has been targeting hotels in Macao, China, with a spear-phishing campaign. The goal is to compromise the networks and steal the data associated with various wealthy and high-profile guests.
In one campaign, over 17 groups of phishing emails were sent to targets at 17 hotels. The emails were designed to appear as tourist communications from the Macao Government Tourism Office, and they asked the targeted victims to open an attached Excel file labeled as containing passenger inquiry information.
DarkHotel has a long history of targeting victims of Chinese nationality. For example, in April 2020, DarkHotel went after SangFor, a significant Chinese virtual private network service provider. Multiple Chinese government agencies were using SangFor to protect their communications traffic. In less than a month, over 200 endpoints had been compromised.
COVID-19 also created new opportunities for DarkHotel. For example, at the start of the COVID-19 pandemic, DarkHotel successfully targeted and compromised the systems of the World Health Organization.