Executives getting hacked in luxury hotels, study finds

If you think your secrets are safe in your luxury suite, you should maybe think again: hackers are stealing sensitive information from top business executives by penetrating the Wi-Fi networks of high-end hotels, a computer security vendor says.

A report this week by Kaspersky Lab says that espionage campaign called "Darkhotel" has "lurked in the shadows for at least four years while stealing sensitive data from selected corporate executives traveling abroad."

"The crew never goes after the same target twice," the company said, "they perform operations with surgical precision, getting all the valuable data they can from the first contact, deleting traces of their work and melting into the background to await the next high profile individual."

Darkhotel employs techniques that go well beyond typical cybercriminal behavior– Kurt Baumgartner, Kaspersky Lab

The most recent targets include top executives from the US and Asia doing business in the Asia-Pacific region. Around 90% of the infections appear to be located in Japan, Taiwan, China, Russia and South Korea.

CEOs, senior vice presidents, sales and marketing directors and top R&D staff have all been targeted, said the company, adding that the attackers left a footprint in a string within their code "pointing to a Korean-speaking actor".

Kurt Baumgartner, Kaspersky Lab’s principal security researcher, said Darkhotel employs techniques that "go well beyond typical cybercriminal behavior".

"This threat actor," he said, "has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision."

Kaspersky Lab said its researchers visited incident destinations with "honeypot machines", which failed to draw Darkhotel attacks. 

"Further work demonstrated just how careful these attackers were to hide their activity," the company said. "As soon as a target was effectively infected, they deleted their tools from the hotel network staging point, maintaining a hidden status."

Kaspersky Lab said victims were from various sectors including electronics manufacturing, private equity, pharmaceuticals, automotive, even law enforcement and military services.

The company said business travellers should always regard software updates as suspicious, and use a Virtual Private Network (VPN) provider when accessing public or semi-public Wi-Fi.

Story for GCR? Get in touch via email: [email protected]

Latest articles in News