Darkhotel Cyberattacks Business Executives in Hotels


TexasBarToday_TopTen_Badge_Small (1)

Kaspersky identifies that Darkhotel is a group of attackers that “seems to know in advance when these individuals will arrive and depart from their high-end hotels. So, the attackers lay in wait until these travelers arrive and connect to the Internet.” The Kaspersky report issued on November 10, 2014 is entitled “THE DARKHOTEL APT A STORY OF UNUSUAL HOSPITALITY” and should be disturbing to everyone who travels, and particularly in Japan since “over 90% of it occurs in the top five countries: Japan, followed by Taiwan, China, Russia and Korea.”

eWeek reported that Darkhotel was a:

cyber-espionage group has compromised the computer systems of corporate executives by infecting the networks of the hotels where they typically stay and then serving up malware while they connected to the Internet.

Here is how Darkhotel spreads:

The Darkhotel APT’s precise malware spread was observed in several hotels’ networks, where visitors connecting to the hotel’s Wi-Fi were prompted to install software updates to popular software packages.

Of course, these packages were really installers for Darkhotel APT’s backdoors, added to legitimate installers from Adobe and Google. Digitally signed Darkhotel backdoors were installed alongside the legitimate packages.

The most interesting thing about this delivery method is that the hotels require guests to use their last name and room number to login, yet only a few guests received the Darkhotel package. When visiting the same hotels, our honeypot research systems couldn’t attract a Darkhotel attack. This data is inconclusive, but it points to misuse of check-in information.

By the tone of this Kaspersky Report apparently many travelers are unaware of the privacy threats from the likes of Darkhotel.

The publications contained in this site do not constitute legal advice. Legal advice can only be given with knowledge of the client's specific facts. By putting these publications on our website we do not intend to create a lawyer-client relationship with the user. Materials may not reflect the most current legal developments, verdicts or settlements. This information should in no way be taken as an indication of future results.

Search Tips:

You may use the wildcard symbol (*) as a root expander.  A search for "anti*" will find not only "anti", but also "anti-trust", "antique", etc.

Entering two terms together in a search field will behave as though an "OR" is being used.  For example, entering "Antique Motorcars" as a Client Name search will find results with either word in the Client Name.


AND and OR may be used in a search.  Note: they must be capitalized, e.g., "Project AND Finance." 

The + and - sign operators may be used.  The + sign indicates that the term immediately following is required, while the - sign indicates to omit results that contain that term. E.g., "+real -estate" says results must have "real" but not "estate".

To perform an exact phrase search, surround your search phrase with quotation marks.  For example, "Project Finance".

Searches are not case sensitive.

back to top