Executives traveling across Asia have been targeted by cybercriminals through hotel Internet networks in an ongoing and sophisticated attack, a Russian cybersecurity company said Monday.
Thousands of people have been affected by the attacks, which likely start out being targeted at a specific individual and occur when the traveler connects to the hotel wireless or cable Internet, according to Moscow-based Kaspersky Lab. About two-thirds of the attacks occurred in Japan, followed by some in Taiwan, China and other countries, the report said.
After connecting to an infected hotel network, travelers are asked to install seemingly legitimate updates to products such as Adobe Flash and Google Toolbar that actually contain infected software. That allowed attackers to figure out which victims were most significant and download additional malware. After the attack, the hackers would harvest cached and stored passwords.
Kaspersky, which nicknamed the attack “Darkhotel,” declined to name specific hotels or guests who were victims of the attack, saying the investigation was ongoing. The company said it was working with law enforcement.
Researchers said the attackers seem to know some of the targets’ travel itineraries. Kaspersky said it isn’t clear why certain people were targeted.
“While setting up the attack, the Darkhotel attackers knew the target’s expected arrival and departure times, room number, and full name, among other data,” the Kaspersky report said.
The attacks have been happening at least since 2009 and possibly earlier, the report said. The malware has two Korean-language characters in its code, but the company said it couldn’t specifically pinpoint who was behind it. The company said the sophistication of the cryptographic skills suggests there could be a government behind it, but some of the actions could be performed by “beginner” cybercriminals.
The FBI in May 2012 issued a similar warning to traveling executives.
The same crew apparently used a variety of other tactics. The group targeted military, government and nongovernmental organizations through email phishing attempts that lured people with emails about nuclear energy and weapons, the report said.
Ref:wsj