Nation-State Actor

DarkHotel

South Korea • Active since 2007

DarkHotel hackers target business executives when they stay at fancy hotels. They compromise the hotel WiFi so that guests who connect are tricked into installing fake software updates that are actually malware.

Overview

DarkHotel is a threat group that targets business executives staying at luxury hotels in Asia. They compromise hotel WiFi networks to deliver targeted malware to high-value guests.

Also Known As

Tapaoux, Dubnium, Tungsten Bridge

Target Industries

Technology, Defense, Energy, Automotive, Finance

Target Regions

Asia, Japan, Korea, China, Russia

Tactics, Techniques & Procedures

  • Hotel WiFi compromise
  • Fake software updates
  • Spear-phishing
  • Zero-day exploitation
  • Keylogging

Known Tools & Malware

DarkHotel, Tapaoux, Karba, Pioneer, Inexsmar

Notable Campaigns

Luxury Hotel Campaign (2014)

Targeted executives at luxury Asian hotels through compromised WiFi.

Flash Zero-Day Attacks (2015-2016)

Used multiple Flash zero-days for targeted attacks.

MITRE ATT&CK Techniques

T1557, T1036, T1566.001, T1203, T1056.001

Defense Recommendations

  1. Use VPN when on hotel WiFi
  2. Disable auto-update prompts on travel devices
  3. Provide secure mobile hotspots for executives

Related Threat Actors

Kimsuky
