DarkHotel
Medium Confidence • High Threat
Aliases: Tapaoux • APT-C-11 • DUBNIUM • Zigzag Hail • Fallout Team
DarkHotel is a highly sophisticated and elusive threat actor group that is believed to be of South Korean origin and has been active since at least 2004. The group is notorious for its unique and targeted attacks against high-profile individuals, including corporate executives, government officials, and other influential figures. DarkHotel's primary modus operandi involves compromising the Wi-Fi networks of luxury hotels to deliver malware to its targets. This method allows the group to intercept sensitive data, such as login credentials and confidential documents, as the victims connect to the internet. In addition to its hotel-based attacks, DarkHotel is also known to employ other tactics, such as spear-phishing campaigns and the distribution of malware through peer-to-peer (P2P) file-sharing networks. The group's malware arsenal includes a variety of sophisticated tools, such as the Tapaoux Trojan and the Inexsmar malware, which are designed to evade detection and maintain persistence on compromised systems. DarkHotel's operations are characterized by a high degree of technical expertise, including the use of zero-day exploits and advanced obfuscation techniques. The group's primary motivations appear to be espionage and data theft, with a focus on gathering intelligence from a wide range of industries, including defense, government, and technology.
Target Sectors
Target Regions
Attributed to State-Sponsored (South Korea). Attribution confidence: Medium.
Future Outlook
DarkHotel is expected to continue operations targeting Government.
First observed activity
Ongoing operations