Cybercrime Gang Targets Execs Using Hotel Internet
Executives traveling across Asia have been targeted by cyber criminals through hotel internet networks in an ongoing and sophisticated attack, a Russian cybersecurity company said Monday.
Thousands of people traveling mostly in Japan, as well as Taiwan, China and other countries, have been affected by the attacks, which are likely targeted at a specific individual and occur when the traveler connects to the hotel wireless or cable internet, according to Moscow-based Kaspersky Lab. About two-thirds of the attacks occurred in Japan, the report said.
After connecting to an infected hotel network, travelers are asked to install what appear to be legitimate updates to products such as Adobe Flash and Google Toolbar, but the updates actually contain infected software. That allowed attackers to figure out which victims were most significant and download additional malware. After the attack, the hackers would harvest cached and stored passwords.
Kaspersky didn’t name specific hotels or guests who were victims of the attack, known as Darkhotel. Researchers said the attackers seem to know some of the targets’ travel itineraries. Kaspersky said it isn’t clear why certain people were targeted.
“While setting up the attack, the Darkhotel attackers knew the target’s expected arrival and departure times, room number, and full name, among other data,” the Kaspersky report said.
The attacks have been happening at least since 2009 and possibly earlier, the report said.
The FBI in May 2012 issued a similar warning to traveling executives.
The same crew apparently used a variety of other tactics. The group targeted military, government and non-governmental organizations through email phishing attempts that lured people with emails about nuclear energy and weapons, the report said.