‘Darkhotel’ cyber-criminals have been compromising high-level executives via hotel Wi-Fi for years

Kaspersky Lab has shone its security spotlight on a cyber-espionage campaign which has targeted (and still is targeting) top-level executives when they travel and stay in luxury hotels.

The so-called "Darkhotel" cyber-criminals have been lurking in the shadows hoovering up corporate secrets for at least four years, Kaspersky asserts. These attackers operate with "surgical precision", deleting all traces of their work, and never rip data off the same target twice to minimise any chances of being detected.

High-level American and Asian execs have apparently been the most recent targets, including CEOs, Senior VPs and Directors, with Darkhotel having its tendrils in the networks of said expensive hotels.

The scam works by detecting the login of a target victim exec on the hotel Wi-Fi network, and the attackers then trick him (or her) into downloading and installing what is on the face of it an update for Adobe Flash or similar legitimate software, but is in fact a backdoor.

The attackers can then put further malware on the machine via this backdoor, such as a keylogger or other tools designed to slurp up confidential company data, and grab details such as passwords for web services.

Once the sting has been pulled off, the team deletes all its tools from the hotel network, and no one is any the wiser – until now, that is.

Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab, called the Darkhotel attacks "well beyond typical cybercriminal behaviour".

He noted that: "This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision."

So what can you do to protect yourself from this and other similar threats?

As ever, any public network – even supposedly secure, semi-private efforts like a hotel's – should not be trusted. Kaspersky gives some sensible advice, namely to connect via a VPN, make sure you have up-to-date security software, and above all, always view any update you're offered on such a network with suspicion. Indeed, we'd suggest it's likely best to wait until you're on a properly secure connection before you download any updates or software onto your machine.

Darren Allan
