Suspected DarkHotel APT resurgence targets luxury Chinese hotels

A new wave of suspected activity conducted by the DarkHotel advanced persistent threat (APT) group has been disclosed by researchers.

Last week, Trellix researchers Thibault Seret and John Fokker said that a malicious campaign has been targeting luxury hotels in Macao, China since November 2021, and based on clues in the attack vector and malware used, the team suspects DarkHotel is the culprit. 

DarkHotel is a South Korean APT that uses tailored spear phishing attacks. The APT has been active in the hospitality, government, automotive, and pharmaceutical industries since at least 2007 and tends to focus on surveillance and data theft, with business and industry leaders marked as targets. 

If you’re looking to compromise high-value targets such as CEOs and other executives, it makes sense to target the high-end locations they are likely to book into. According to Trellix, major hotel chains in Macao, China, including the Grand Coloane Resort and Wynn Palace, are now among the APT’s victims.

DarkHotel’s campaign began with a spear phishing email, crafted to appear to come from the “Macao Government Tourism Office”, sent to management staff in the luxury hotels, including front office and HR employees, who were likely to have access to
