| DarkHotel | |
|---|---|
| Technical name | |
| Alias | Tapaoux |
| Type | APT |
| Classification | Trojan |
| Origin | South Korea |
DarkHotel (or Darkhotel) is a targeted spear-phishing spyware and malware-spreading campaign that appears to be selectively attacking business hotel visitors through the hotel's in-house WiFi network. It is characterized by Kaspersky Lab as an advanced persistent threat.[3][4]
The attacks are specifically targeted at senior company executives,[5] using forged digital certificates, generated by factoring the underlying weak public keys of real certificates, to convince victims that prompted software downloads are valid.[6]
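The certificate trick above works because a signature only proves possession of the private key, and factoring a weak RSA modulus hands that key to the attacker. The following toy demonstration is an added example, not code from the DarkHotel campaign or from Kaspersky's report: it builds a "legitimate" key from two constructed primes, factors the public modulus with Pollard's rho, recovers the private exponent, and forges a signature over a constructed installer name that verifies under the original public key. The 60-bit modulus, the Pollard's rho method, the raw textbook-RSA signing over a SHA-256 digest (no PKCS#1 padding) and the `is_weak_modulus` policy check are all simplifications assumed here for illustration; factoring real-world weak keys takes a number-field sieve rather than a few lines of Python.

```python
# Added example: how a weak RSA public key lets an attacker recover the signing
# key and forge signatures that verify under the legitimate certificate's key.
# Toy demonstration, not code from the DarkHotel campaign or from Kaspersky.
# Assumptions: a 60-bit modulus built from two constructed primes, Pollard's rho
# as the factoring method, and raw "textbook" RSA over a SHA-256 digest (no
# PKCS#1 padding). Real certificates carry far larger keys and padded signatures.
import hashlib
import math
import random

# Constructed "real" certificate key: both factors are well-known primes.
P = 1000000007
Q = 998244353
N = P * Q          # the public modulus an X.509 certificate would carry
E = 65537          # public exponent


def pollard_rho(n, seed=1):
    """Return a non-trivial factor of composite n (Pollard's rho, Floyd cycle)."""
    if n % 2 == 0:
        return 2
    rng = random.Random(seed)   # fixed seed so the demo is reproducible
    while True:
        x = rng.randrange(2, n)
        y = x
        c = rng.randrange(1, n)
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:          # d == n means the walk cycled; retry with a new c
            return d


def factor(n):
    """Split n = p*q into its two prime factors, smallest first."""
    p = pollard_rho(n)
    q = n // p
    return tuple(sorted((p, q)))


def recover_private_exponent(n, e):
    """Factor the modulus and derive d = e^-1 mod phi(n): the full private key."""
    p, q = factor(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


def digest_as_int(data: bytes, n: int) -> int:
    """SHA-256 the data and reduce into the RSA message space (toy, no padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(m: int, d: int, n: int) -> int:
    return pow(m, d, n)


def rsa_verify(m: int, sig: int, e: int, n: int) -> bool:
    return pow(sig, e, n) == m


def is_weak_modulus(n: int, min_bits: int = 2048) -> bool:
    """Policy check a verifier should apply before trusting a certificate's key."""
    return n.bit_length() < min_bits


def forge_signature(payload: bytes, n: int = N, e: int = E) -> int:
    """What the attacker does: factor the public key, then sign arbitrary data."""
    d = recover_private_exponent(n, e)
    return rsa_sign(digest_as_int(payload, n), d, n)


if __name__ == "__main__":
    payload = b"hotel_wifi_flash_update.exe"   # constructed sample installer name
    sig = forge_signature(payload)
    # The victim verifies with the legitimate public key and sees a valid signature.
    print("forged signature verifies:",
          rsa_verify(digest_as_int(payload, N), sig, E, N))
    print("modulus bits:", N.bit_length(), "weak:", is_weak_modulus(N))
```

The defensive takeaway is the last check: a signature that verifies says nothing about whether the key could have been recovered by a third party, so verifiers should reject certificates whose key size is below current policy before trusting the signature at all.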
By uploading malicious code to hotel servers, attackers are able to target specific users who are guests at luxury hotels, primarily in Asia and the United States. Zetter (2014) explains that the group, dubbed DarkHotel or Tapaoux, has also been actively infecting users through spear-phishing and peer-to-peer networks since 2007 and using those attacks to load key-logging and reverse-engineering tools onto infected endpoints.[7]
The targets are primarily executives in investment and development, government agencies, defense industries, electronics manufacturers and energy policy makers.[8] Many victims have been located in Korea, China, Russia and Japan.[9]
Once the attackers have access to a victim's computer, sensitive information such as passwords and intellectual property is quickly stolen. The attackers then erase their tools so that the compromise goes unnoticed and the high-level victims are not prompted to reset all of the passwords for their accounts.[10]
In July 2017, Bitdefender published new research about Inexsmar,[11] another version of the DarkHotel malware, which was used to target political figures instead of business targets.