Kaspersky Lab Discovers ‘Darkhotel’, A Cyberespionage Group Using Leaked Hacking Team Files To Target Diplomats

‘Darkhotel’, an elite spying crew uncovered by Kaspersky Lab experts in 2014 and famous for infiltrating Wi-Fi networks in luxury hotels to compromise selected corporate executives, appears to have been busy recently trying to reach commercial and diplomatic targets. Kaspersky Lab has discovered that the group has been using leaked Hacking Team files since the beginning of July.

Hacking Team, if you didn’t already know, is a firm known for selling “legal spyware” to some governments and law enforcement agencies. However, recent reports have pointed out that the ‘legal’ tools Hacking Team provides are being used by cyberespionage groups for their own malicious purposes. The exploits include ones targeting Adobe Flash Player and the Windows operating system.

The notorious leak is said to have taken place on the 5th of July, and Darkhotel has been using a zero-day vulnerability from the leaked files since then. The elite group is not known to have any sort of business or resource connections with Hacking Team, so we can conclude that the files were simply grabbed by the group once they were made publicly available.

The tool that Darkhotel has gotten its hands on is described as a Flash exploit from the Hacking Team dump, which the group is reportedly repurposing for its own ends. The Darkhotel team hosts the exploit on a web server and emails selected targets a link to it. When a target visits the link, the Flash code delivers a downloader and malicious information-stealer components to the victim's system. From that point the spyware is running, and the victim's data is sent to the hackers.

So far, Darkhotel has targeted victims in many countries across the globe. The locations of these victims are as follows:

  • North Korea
  • Russia
  • South Korea
  • Japan
  • Bangladesh
  • Thailand
  • India
  • Mozambique
  • Germany

The team mainly goes after diplomatic and commercial targets, including automotive and business individuals, the defense industrial base, investment agents, intelligence agencies, military personnel and bases, non-governmental organizations, private companies, specific individuals, law enforcement agencies, and pharmaceutical and electronics manufacturing agencies.

The attacks, for one, haven’t been aimed at the masses. There have been a little less than a dozen attacks, each precisely targeting specific individuals or agencies.

So, next time you receive an email containing a link, be careful. The link may lead you to a Flash script that downloads spyware onto your system, which could then exfiltrate sensitive business planning, communications, and operations information.
