Darkhotel Deploys Zero-Day From Hacking Team

The Darkhotel cyberespionage crew keeps adding to its bag of tricks: New evidence from Kaspersky Lab shows that the group seems to have latched on to some of the zero-day vulnerabilities exposed by the Hacking Team data dump last month.

Known best for breaking into Wi-Fi networks in luxury hotels to target very high profile corporate and government executives, the team has long depended on zero-day and half-day vulnerabilities to strike its targets.

According to Kaspersky, Darkhotel has gone through half a dozen or more zero-days targeting Adobe Flash Player in the past year, investing considerable funds to beef up a quiver meant to hit the proverbial bull's-eyes. But it isn't above striking when opportunities like the breach of Hacking Team present themselves. "Darkhotel has returned with yet another Adobe Flash Player exploit hosted on a compromised website, and this time it appears to have been driven by the Hacking Team leak," says Kurt Baumgartner, principal security researcher at Kaspersky Lab. "The group has previously delivered a different Flash exploit on the same website, which we reported as a zero-day to Adobe in January 2014. Darkhotel seems to have burned through a pile of Flash zero-day and half-day exploits over the past few years, and it may have stockpiled more to perform precise attacks on high-level individuals globally."

The Korean group initially focused 90 percent of its efforts on targeting victim organizations in Japan, Taiwan, China, Russia, and Hong Kong. But over the past year it has expanded its geographical reach to North Korea and South Korea, Russia, Bangladesh, Thailand, India, Mozambique, and Germany.

Darkhotel depends on dogged persistence on the social engineering front. For example, if a Darkhotel spear phisher is sending out a fake schedule file carrying a malicious payload, he'll send one in February with a naming convention that uses the current date, and then send another one in May with the same naming convention and a new date to match.

Additionally, the group has leaned on stolen certificates on an ongoing basis. Kaspersky says it believes the crew maintains a stockpile of these stolen certs in order to use them in its downloaders and backdoors to evade detection. "Darkhotel now tends to hide its code behind layers of encryption. It is likely that it has slowly adapted to attacking better-defended environments and prefers not to burn these stolen digital certificates. In previous attacks it would simply have taken advantage of a long list of weakly implemented, broken certificates," according to Kaspersky. "Not only are its obfuscation techniques becoming stronger, but its anti-detection technology list is growing."

Dark Reading