Public WiFi networks in luxury hotels are being used to target top executives who are travelling on business
An espionage campaign known as ‘Darkhotel’ has been stealing sensitive data from travelling business executives via hotel WiFi networks for the past four years – and is still active today – it has emerged.
The Darkhotel campaign, which comprises both targeted attacks and botnet-style operations, specifically targets top executives staying in luxury hotels while on business trips, according to cyber security company Kaspersky Lab.
Once the user has connected to a hotel’s WiFi network, the attacker tricks them into downloading a piece of malware masquerading as legitimate software, infecting the device with the ‘Darkhotel’ spying software.
The software then hunts for the victim’s cached passwords and login credentials and steals keystrokes entered on the device, with the aim of accessing the intellectual property of the business entities the user represents.
The most recent travelling targets include chief executives, senior vice presidents, sales and marketing directors and top research and development staff doing business and investing in the Asia-Pacific region, according to Kaspersky.
The attackers never go after the same target twice; they perform operations with surgical precision, getting all the valuable data they can from the first contact, deleting traces of their work and melting into the background to await the next high profile individual.
“For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behaviour,” said Kurt Baumgartner, principal security researcher at Kaspersky Lab.
“This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision.”
Kaspersky Lab is currently working with relevant organisations to mitigate the problem. However, it said that, when travelling, any WiFi network – even a semi-private one in a hotel – should be viewed as potentially dangerous.
It advises using a Virtual Private Network (VPN) provider where possible, always regarding software updates as suspicious, and making sure your internet security solution includes proactive defence against new threats.