‘Darkhotel’, an elite spying crew uncovered by Kaspersky Lab experts in 2014 and famous for infiltrating Wi-Fi networks in luxury hotels to compromise selected corporate executives, seems to be busy trying to get through to commercial and diplomatic targets recently. The team of hackers, Kaspersky Lab has discovered, has been using leaked Hacking Team files since the beginning of July.
Hacking Team, if you didn’t already know, is a firm known for selling “legal spyware” to some governments and law enforcement agencies. However, recent reports have pointed that these ‘legal’ tools that Hacking Team provides are being used by cyberespionage groups for their own malicious purposes. The exploits include hacks targeting the Adobe Flash Player and the Windows Operating System.
The notorious leak is said to have taken place on the 5th of July and Darkhotel has been using a zero-day vulnerability from them since. The elite group is not known to have any sort of business or resource connections with Hacking Team, so we can conclude that the files were just grabbed by the teams once they were made publicly available.
The tool that Darkhotel has gotten its hands on is described to be a Flash exploit from the Hacking Team dump. The group is supposedly re-purposing this tool currently for achieving their own motives. The Darkhotel team host the tool on a web server and email selected targets with a link to it. When the targets visit the link, the Flash code delivers a downloader and malicious information stealer components to the victim system. That’s where the party for the spyware begins and the victims data is sent to the hackers.
Until now, the Darkhotel has targeted victims across many countries across the globe. The locations of these victims are as follows:
- North Korea
- Russia
- South Korea
- Japan
- Bangladesh
- Thailand
- India
- Mozambique
- Germany
The team mainly targets diplomatic and commercial targets including Automotive and Business individuals, Defense industrial base, Investments agents, Intelligence agencies, Military personnel and bases, Non-governmental organizations, Private companies, Specific individuals, Law enforcement agencies, Pharmaceutical and Electronics manufacturing agencies.
The attacks, for one, haven’t been targeted to the masses. There have been a little less than a dozen attacks precisely targeting specific individuals or agencies.
So, next time you receive a mail with a link attachment, be careful. The link may lead you to a Flash script which may download spyware on your system which could potentially exfiltrate sensitive business planning, communications, and operations information on your system.