Group: Darkhotel

From enterprise
Jump to: navigation, search
ID G0012
Aliases Darkhotel

Darkhotel is a threat group that has been active since at least 2004. The group has conducted activity on hotel and business center Wi‑Fi and physical connections as well as peer-to-peer and file sharing networks. The actors have also conducted spearphishing.1

Alias Descriptions

  • Darkhotel - 1

Techniques Used

  • Code Signing - Darkhotel has used code-signing certificates on its malware that are either forged due to weak keys or stolen.1