Darkhotel Deploys Zero-Day From Hacking Team

Uploaded on 2015-08-31 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The Darkhotel cyberespionage crew keeps adding to its bag of tricks: New evidence from Kaspersky Lab shows that the group seems to have latched on to some of the zero-day vulnerabilities exposed by the Hacking Team data dump last month.

Known best for breaking into Wi-Fi networks in luxury hotels to target very high profile corporate and government executives, the team has long depended on zero-day and half-day vulnerabilities to strike its targets.

According to Kaspersky, Darkhotel has gone through half a dozen or more zero-days targeting Adobe Flash Player in the past year, investing considerable funds to beef up a quiver meant to hit the proverbial bulls eyes. But it isn't above striking when opportunities like the breach of Hacking Team present themselves. “Darkhotel has returned with yet another Adobe Flash Player exploit hosted on a compromised website, and this time it appears to have been driven by the Hacking Team leak," says Kurt Baumgartner, principal security researcher at Kaspersky Lab. "The group has previously delivered a different Flash exploit on the same website, which we reported as a zero-day to Adobe in January 2014. Darkhotel seems to have burned through a pile of Flash zero-day and half-day exploits over the past few years, and it may have stockpiled more to perform precise attacks on high-level individuals globally."

The Korean group initially focused 90 percent of its efforts targeting victim organizations in Japan, Taiwan, China, Russia, and Hong Kong. But over the past year it has expanded its geographical reach to North Korea and South Korea, Russia, Bangladesh, Thailand, India, Mozambique, and Germany.

Darkhotel depends on dogged persistence on the social engineering front. For example, if a Darkhotel spear phisher is sending out a fake schedule file with malicious payloads, he'll send one in February with a naming convention that uses the current date, and then send another one in May with the same naming convention and a new one to match the date.

Additionally, the group has leaned on stolen certificates on an ongoing basis. Kaspersky says it believes the crew maintains a stockpile of these stolen certs in order to use them in their downloaders and backdoors to evade detection. "Darkhotel now tends to hide its code behind layers of encryption. It is likely that it has slowly adapted to attacking better-defended environments and prefers not to burn these stolen digital certificates. In previous attacks it would simply have taken advantage of a long list of weakly implemented, broken certificates," according to Kaspersky. "Not only are its obfuscation techniques becoming stronger, but its anti-detection technology list is growing. "

Dark Reading

 

 

 

« Seamless Technology Is a Gift for Cybercriminals
Hacking For Cause: Growing Cyber Security Trend »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

edgescan

edgescan

edgescan is a cloud-based continuous vulnerability management and penetration testing solution.

Gatewatcher

Gatewatcher

Gatewatcher is a digital breach detection platform targeting crafted attacks and protecting organizations against advanced cyber threats.

Japan Network Security Association (JNSA)

Japan Network Security Association (JNSA)

JNSA's goal is to promote standardization related to network security and to contribute to greater technological standards in the field.

WetStone Technologies

WetStone Technologies

WetStone develops software solutions that support investigators and analysts engaged in eCrime Investigation, eForensics and incident response activities.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

SOSA

SOSA

SOSA facilitates new growth opportunities by connecting the dots between industry verticals and innovation ecosystems around the world.

SafeGuard Cyber

SafeGuard Cyber

The SafeGuard Cyber SaaS platform empowers enterprises to adopt the social and digital channels they need to reach customers, while reducing digital risk and staying secure and compliant.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

Squad

Squad

Squad provides leading expertise to ensure protection against the most complex cyber threats. Combining the best practices of DevOps and Cybersecurity, we are committed to create a secured cyber space

Bedrock Systems

Bedrock Systems

BedRock Systems is on a mission to deliver a trusted computing base from edge to cloud, where safety and security isn’t just a perception, it’s a formally proven reality.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

MailChannels

MailChannels

MailChannels protects companies against malicious email threats. Used by 750+ hosting providers around the world.

Core to Cloud

Core to Cloud

Core to Cloud provide consultancy and technical support for the planning and implementation of sustainable security strategies.

Zama

Zama

Zama - pioneering homomorphic encryption. We believe people shouldn't care about privacy. Not because it doesn't matter, but because it shouldn't be an issue!

Sentar

Sentar

Sentar is a cyber intelligence company, applying advanced analytics and systems engineering expertise to protect our national security by securing mission-critical assets.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.