Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 References

DarkHotel

●한국어 ●日本語 Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

DarkHotel
Technical name	Trojan:Win32/Tapaoux.[Letter] (Microsoft) Troj/Tapaoux-AD ^[1] (Sophos) Trojan.Tapaoux ^[2] (Symantec)
Alias	Tapaoux
Type	APT
Origin	South Korea

DarkHotel (orDarkhotel) is a targeted spear-phishing spyware and malware-spreading campaign that appears to be selectively attacking business hotel visitors through the hotel's in-house WiFi network. It is characterized by Kaspersky Lab as an advanced persistent threat.^[3]^[4]

The attacks are specifically targeted at senior company executives,^[5] using forged digital certificates, generated by factoring the underlying weak public keys of real certificates, to convince victims that prompted software downloads are valid.^[6]

Uploading malicious code to hotel servers, attackers are able to target specific users who are guests at luxury hotels primarily in Asia and the United States. Zetter (2014) explains that the group, dubbed DarkHotel or Tapaoux, has also been actively infecting users through spear-phishing and Peer-to-Peer networks since 2007 and using those attacks to load key logging and reverse engineering tools onto infected endpoints.^[7]

Targets are aimed primarily at executives in investments and development, government agencies, defense industries, electronic manufacturers and energy policy makers.^[8] Many victims have been located in Korea, China, Russia and Japan.^[9]

Once attackers are in the victim's computer(s), sensitive information such as passwords and intellectual property are quickly stolen before attackers erase their tools in hopes of not getting caught in order to keep the high level victims from resetting all of the passwords for their accounts.^[10]

In July 2017 Bitdefender published new research about Inexsmar,^[11] another version of the DarkHotel malware, which was used to target political figures instead of business targets.

References

[edit]

^ "Detailed Analysis - Troj/Tapaoux-AD - Viruses and Spyware - Advanced Network Threat Protection | ATP from Targeted Malware Attacks and Persistent Threats | sophos.com - Threat Center". www.sophos.com. Archived from the original on 2021-08-17. Retrieved 2021-10-22.

^ "Trojan.Tapaoux". Archived from the original on 2019-12-14. Retrieved 2021-10-22.

^ "The Darkhotel APT: A Story of Unusual Hospitality". Kaspersky Labs. November 10, 2014. Archived from the original on November 10, 2014. Retrieved November 10, 2014.

^ Carly Page (November 10, 2014). "Darkhotel malware is targeting travelling execs via hotel WiFi". The Inquirer. Archived from the original on November 10, 2014.{{cite web}}: CS1 maint: unfit URL (link)

^ Leo Kelion (2014-11-11). "DarkHotel hackers targets company bosses in hotel rooms". BBC News. Archived from the original on 2021-08-15. Retrieved 2021-10-22.

^ Dan Goodin (2014-11-10). ""DarkHotel" uses bogus crypto certificates to snare Wi-Fi-connected execs". Ars Technica. Archived from the original on 2016-12-23. Retrieved 2017-06-14.

^ Zetter, Kim. "DarkHotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests". Wired. Retrieved 6 June 2017.

^ Kovacs, Eduard. "Darkhotel APT Uses Hacking Team Exploit to Target Specific Systems". Security Week. Archived from the original on 9 September 2017. Retrieved 12 June 2017.

^ "'DarkHotel' Hacks Target Business Travelers: Report". NBC News. Archived from the original on 12 March 2016. Retrieved 12 June 2017.

^ "DarkHotel- a spy campaign in Luxury hotels". IT Var News. Techplus Media Pvt. Ltd. 28 Nov 2014.

^ "Inexsmar: An unusual DarkHotel campaign". Bitdefender Labs. Archived from the original on 2021-05-25. Retrieved 2021-10-22.

Hacking in the 2010s

← 2000s

Timeline

2020s →

Major incidents

2010	Operation Aurora (publication of 2009 events) Australian cyberattacks Operation Olympic Games Operation ShadowNet Operation Payback
2011	Canadian government DigiNotar DNSChanger HBGary Federal Operation AntiSec PlayStation network outage RSA SecurID compromise
2012	LinkedIn hack Stratfor email leak Operation High Roller
2013	South Korea cyberattack Snapchat hack Cyberterrorism attack of June 25 2013 Yahoo! data breach Singapore cyberattacks
2014	Anthem medical data breach Operation Tovar 2014 celebrity nude photo leak 2014 JPMorgan Chase data breach 2014 Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach
2015	Office of Personnel Management data breach Hacking Team Ashley Madison data breach VTech data breach Ukrainian Power Grid Cyberattack SWIFT banking hack
2016	Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks Vietnam Airport Hacks DCCC cyber attacks Indian Bank data breaches Surkov leaks Dyn cyberattack Russian interference in the 2016 U.S. elections 2016 Bitfinex hack
2017	SHAttered 2017 Macron e-mail leaks WannaCry ransomware attack Westminster data breach Petya and NotPetya 2017 Ukraine ransomware attacks Vault7 data breach Equifax data breach Deloitte breach Disqus breach
2018	Trustico Atlanta cyberattack SingHealth data breach
2019	Sri Lanka cyberattack Baltimore ransomware attack Bulgarian revenue agency hack WhatsApp snooping scandal Jeff Bezos phone hacking incident

Hacktivism

Advanced
persistent threats

Individuals

Major vulnerabilities
publicly disclosed

Evercookie (2010)
iSeeYou (2013)
Heartbleed (2014)
Shellshock (2014)
POODLE (2014)
Rootpipe (2014)
Row hammer (2014)
SS7 vulnerabilities (2014)
WinShock (2014)
JASBUG (2015)
Stagefright (2015)
DROWN (2016)
Badlock (2016)
Dirty COW (2016)
Cloudbleed (2017)
Broadcom Wi-Fi (2017)
EternalBlue (2017)
DoublePulsar (2017)
Silent Bob is Silent (2017)
KRACK (2017)
ROCA vulnerability (2017)
BlueBorne (2017)
Meltdown (2018)
Spectre (2018)
EFAIL (2018)
Exactis (2018)
Speculative Store Bypass (2018)
Lazy FP state restore (2018)
TLBleed (2018)
SigSpoof (2018)
Foreshadow (2018)
Dragonblood (2019)
Microarchitectural Data Sampling (2019)
BlueKeep (2019)
Kr00k (2019)

Malware

2010	Bad Rabbit Black Energy 2 SpyEye Stuxnet
2011	Coreflood Alureon Duqu Kelihos Metulji botnet Stars
2012	Carna Dexter FBI Flame Mahdi Red October Shamoon
2013	CryptoLocker DarkSeoul
2014	Brambul Black Energy 3 Carbanak Careto DarkHotel Duqu 2.0 FinFisher Gameover ZeuS Regin
2015	Dridex Hidden Tear Rombertik TeslaCrypt
2016	Hitler Jigsaw KeRanger Necurs MEMZ Mirai Pegasus Petya and NotPetya X-Agent
2017	BrickerBot Kirk LogicLocker Rensenware Triton WannaCry XafeCopy
2018	VPNFilter
2019	Grum Joanap NetTraveler R2D2 Tinba Titanium ZeroAccess botnet

Retrieved from "https://en.wikipedia.org/w/index.php?title=DarkHotel&oldid=1222015726" Categories: ●Spyware ●Malware ●South Korean advanced persistent threat groups Hidden categories: ●CS1 maint: unfit URL ●Articles with short description ●Short description with empty Wikidata description ●This page was last edited on 3 May 2024, at 10:55 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view