AidInfoSec Report an attack

Attack Database /

Attack detail

Attack Date Location
January 2022 United States of America, Philippines, Pakistan, Kazakhstan, Indonesia, India
Target Attack category
Unknown Active attack
Surface Type
Multiple: Hotel systems that maintain the registration information for guests; Hotel Wifi platforms. Mixed threat attack

Additional notes on attack

"uploading malicious code to their computers through infiltrated hotel WiFi networks, as well as through spear-phishing and P2P attacks.", "Cybercriminals used zero-day exploits in Adobe Flash and other popular products by renowned vendors [..] also sending compromised emails to employees of state and non-profit organizations.." Attack Chain Information can be found - https://www.zscaler.com/blogs/security-research/new-darkhotel-apt-attack-chain-identified

Harm Notes
Reputational harm, Unknown Kaspersky will not name the hotels but says they've been uncooperative in assisting with the investigation.
Future harms
Reputational harm
Actor type Actor name(s)
Unknown Darkhotel
Attacker agenda Attacker location
Other: Agenda is unknown, but attack being targeted and perpetrated by highly sophisticated actor suggests direct or third party agenda beyond sporadic attacking. "a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behavior. This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision.” (Kaspersky Lab) Taiwan , o, c, j, k