NEW: Group Profiler — instant APT intel lookup. Try it →

← threatfilter.dev / all groups / Darkhotel

Darkhotel

G0012 South Korea Espionage MITRE ATT&CK →

Also known as: DUBNIUM · Zigzag Hail

Overview

Darkhotel is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage operations conducted via hotel Internet networks against traveling executives and other select guests. Darkhotel has also conducted spearphishing campaigns and infected victims through peer-to-peer and file sharing networks.

Targets

Private sector

Regions

China · Japan · Russia · South Korea · Taiwan

Capabilities

  • Exploitation of public-facing / client applications — ATT&CK T1203

TTPs — 24 techniques across 9 tactics

Reporting (3)