DarkHotel APT | Breaking Cybersecurity News | The Hacker News

Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022. Cybersecurity firm Trellix  attributed  the campaign with moderate confidence to a suspected South Korean advanced persistent threat (APT) tracked as DarkHotel, building on research previously published by  Zscaler  in December 2021. Believed to be active since 2007, DarkHotel has a history of striking "senior business executives by uploading malicious code to their computers through infiltrated hotel Wi-Fi networks, as well as through spear-phishing and P2P attacks," Zscaler researchers Sahil Antil and Sudeep Singh said. Prominent sectors targeted include law enforcement, pharmaceuticals, and automotive manufacturers. The attack chains involved distributing email messages directed to individuals in executive roles in the hotel, such as the vice president of human resources,...

A seven-year-old cyber espionage campaign has targeted senior level executives from large global companies by using a specialized Advanced Persistent Threat (APT) , zero-day exploits, and well-developed keyloggers to extract information from them when they stay in luxury hotels during their business trips. The researchers at Moscow-based security firm Kaspersky Lab dubbed the threat as " DarkHotel APT ," appear to have the ability to know in advance when a targeted executive checks in and checks out of a hotel. The group has been operating in Asia since from 2009 but there have been infections recorded in the United States, South Korea, Singapore, Germany, Ireland and many others, as well. It uses hotel Wi-Fi networks to target elite executives at organisations in manufacturing, defense, investment capital, private equity, automotive and other industries. The group has access to zero day vulnerabilities and exploits, and it used them to infect victims. Threa...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...