Group: Darkhotel

ID: G0012
Aliases: Darkhotel

Darkhotel is a threat group that has been active since at least 2004. The group has conducted activity on hotel and business center Wi‑Fi and physical connections as well as peer-to-peer and file sharing networks. The actors have also conducted spearphishing.[1]

Techniques Used

  • Taint Shared Content - Darkhotel uses a virus that propagates by infecting executables stored on shared drives.[1]
  • Code Signing - Darkhotel has used code-signing certificates on its malware that are either forged due to weak keys or stolen.[1]