DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data

A DarkHotel phishing campaign breached luxe hotel networks, including Wynn Palace and the Grand Coloane Resort in Macao, a new report says.

An advanced persistent threat (APT) group has been targeting luxury hotels in Macao, China with a spear-phishing campaign aimed at breaching their networks and stealing the sensitive data of high-profile guests staying at resorts, including the Grand Coloane Resort and Wynn Palace.

A threat research report from Trellix “cautiously” identified the South Korean DarkHotel APT group as the culprit behind the attacks.

The researchers said the spear-phishing campaign began at the tail end of November, with emails loaded with malicious Excel macros being sent to ranking hotel management with access to hotel networks, including human resources and office managers.

In one attack wave, phishing emails were sent to 17 different hotels on Dec. 7 and faked to look like they were sent from the Macao Government Tourism Office, to gather information about who was staying at the hotels. The emails asked the recipient to open an attached Excel file labeled “passenger inquiry.”

“Please open the attached file with enable content and specify whether the people were staying at the hotel or not?” the malicious

Read More: https://threatpost.com/darkhotel-apt-wynn-macao-hotels/178989/