DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data
2022-03-18 18:53

A DarkHotel phishing campaign breached luxe hotel networks, including Wynn Palace and the Grand Coloane Resort in Macao, a new report says.

An advanced persistent threat group has been targeting luxury hotels in Macao, China, with a spear-phishing campaign aimed at breaching their networks and stealing the sensitive data of high-profile guests staying at resorts, including the Grand Coloane Resort and Wynn Palace.

In one attack wave, phishing emails were sent to 17 different hotels on Dec. 7 and faked to look like they were sent from the Macao Government Tourism Office, to gather information about who was staying at the hotels.

Trellix was able to attribute the attacks to DarkHotel with a "Moderate" level of confidence due to the IP address for the command-and-control server, which was previously attached to the group; the targeting of hotels, which DarkHotel is already infamous for; and patterns found in the C2 setup which match known DarkHotel activities, the report said.

Once opened, the macros contacted the C2 server to begin data exfiltration from the hotel networks, the Trellix team explained.

Attacks like these show how attractive data stored in hotel networks can be for threat actors.


News URL

https://threatpost.com/darkhotel-apt-wynn-macao-hotels/178989/