Cyber espionage is the weapon par excellence of the 21st century, and that's why we'll talk about the infamous DarkHotel. Even an innocent mobile application is capable of finding secrets that careless users can reveal, leaving aside surveillance campaigns specifically directed at representatives of large companies and government organizations.

Darkhotel has been active for years in a large number of Asian hotels. The smart and professional spies involved in this lengthy operation have created a complete toolkit consisting of various methods that can be used to break into the victim's computer.

The FBI first mentioned the attacks on the guests of these hotels around 2012. However, the malware used in the course of Darkhotel's activity (also known as Tapaoux) has been appearing here and there since 2007. After studying the logs of the C&C (Command and Control) servers used to manage the campaign, security researchers discovered that the connections date back to January 1, 2009. Taking this into account, the campaign appears to have been active for some time.

How DarkHotel worked

The main method of infiltrating the victim's computer was through the Wi-Fi network in a large number of luxury hotels. Cybercriminals used zero-day exploits in Adobe Flash and other popular products from reputable vendors. However, that was not the only method the criminals used in their operations, which suggests that they were employees of the hotels. The alternative is a Trojan distributed via torrent clients as part of a compromised archive of Chinese adult comics.

Interestingly, the culprits were extremely cautious and devised a series of measures to prevent malware detection. First, they ensured that the virus had a long incubation period: the first time the Trojan connected to the C&C servers was 180 days after it infiltrated a system. Second, the spyware had a self-destruct protocol that triggered if the system language was changed to Korean.

That is why it is very important not to trust public networks, especially for people who like to travel to various parts of the world: because this is spyware that the victim does not notice, it can affect not only their information but also their daily life.

The criminals were operating mainly in Japan, as well as in Taiwan and China. However, Kaspersky Lab managed to detect attacks in other countries, including some quite far from the territories of interest to the accused.

As mentioned above, it is always advisable to run security software that detects such malicious programs and takes measures against them.

