A cybercrime syndicate known as “Darkhotel” has found a way to use exploits stolen from Hacking Team to steal data from corporate executives staying in luxury hotels.
First uncovered in 2014 by Kaspersky Lab, Darkhotel has been targeting business executives for the past eight years via spearphishing attacks. According to Kaspersky, the group has been particularly focused on high-ranking executives at electronics and pharmaceutical companies, along with employees at chemical companies, automotive manufacturers, law enforcement, military and non-governmental organizations.
“Darkhotel seems to have burned through a pile of Flash zero-day and half-day exploits over the past few years, and it may have stockpiled more to perform precise attacks on high-level individuals globally,” Kurt Baumgartner, principal security researcher at Kaspersky Lab, told Wired UK.
The latest round of attacks is apparently powered by a zero-day exploit in Adobe Flash that used to be a main part of Hacking Team’s spyware services. Using a website that hosts malware, hackers have managed to infect executives’ machines via the flaw in the Adobe software.
Hacking Team’s zero-day flaw was leaked online July 5 when the Italian spyware contractor suffered a major breach. According to reports, Darkhotel is not a client of Hacking Team, but the group did begin making use of Hacking Team’s exploits almost immediately after they were leaked.
The attacks began in Asia but have since traveled the globe to Germany and Mozambique. The attack works when criminals hijack a hotel Wi-Fi network and use it to install spyware on connected computers. The group also uses stolen certificates, social engineering and a variety of other zero-day techniques to sneak into business computers.