Installing a Flash update over hotel Wi-Fi might be more dangerous than you think. Researchers at Kaspersky Lab have discovered a new group of advanced attackers that looked to steal trade secrets by compromising hotel wireless networks. Dubbed "Darkhotel," the group targeted CEOs and other top executives from companies doing business in Asia, catching them in luxury hotels that offered expensive rooms but little in the way of digital security.
The attackers often knew a target's room number and full name
The attackers start by gaining control over the hotel's in-house Wi-Fi network, giving them the tools for a classic man-in-the-middle attack. From there, they would offer the target a fake update — usually made up to look like an Adobe, Windows or Google update — which would download password-harvesting software as well as a key logger to track the suspect's movements. Once the attackers had gained access to the target's accounts, the tools were deleted so as to leave no trace of the attack.
Little is known about the attackers themselves, but they are still at large and appear to be well-funded and well-organized. According to Kaspersky's research, the Darkhotel group often knew a target's room number, full name, and length of stay before they arrived, suggesting a strong intelligence background. The group's tools are also far beyond your average cybercriminal. "This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks," said Kaspersky researcher Kurt Baumgartner in the report. As a result, Darkhotel seems more likely to be the work of a government than a rogue corporation or organized crime group.