Select Page

Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022.

Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean advanced persistent threat (APT) tracked as DarkHotel, building on research previously published by Zscaler in December 2021.

Believed to be active since 2007, DarkHotel has a history of striking “senior business executives by uploading malicious code to their computers through infiltrated hotel Wi-Fi networks, as well as through spear-phishing and P2P attacks,” Zscaler researchers Sahil Antil and Sudeep Singh said. Prominent sectors targeted include law enforcement, pharmaceuticals, and automotive manufacturers.

The attack chains involved distributing email messages directed to individuals in executive roles in the hotel, such as the vice president of human resources, assistant manager, and front office manager, indicating that the intrusions were aimed at staff who were in possession of access to the hotel’s network.

In one phishing lure sent to 17 different hotels on December 7, the email purported to be from the Macau Government Tourism Office and urged the victims to open an Excel file named “信息.xls” (“information.xls”). In another case, the emails were faked to gather details about people staying in the hotels.

images from Hacker News