Darkhotel

Overview

Darkhotel is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage operations conducted via hotel Internet networks against traveling executives and other select guests. Darkhotel has also conducted spearphishing campaigns and infected victims through peer-to-peer and file sharing networks.

Targets

Private sector

Regions

China · Japan · Russia · South Korea · Taiwan

Capabilities

• Exploitation of public-facing / client applications — ATT&CK T1203

TTPs — 24 techniques across 9 tactics

Reporting (3)

• How Microsoft names threat actors — Microsoft
• Microsoft Digital Defense Report FY20 — Microsoft
• Reverse engineering DUBNIUM – Stage 2 payload analysis — Microsoft