Hackers have used compromised Wi-Fi networks at luxury hotels in Japan to steal sensitive information from business executives and corporate researchers as part of a data theft campaign, according to a recent report by a Russian security software company.
Kaspersky Labs said the so-called DarkHotel attacks have taken place over at least a four-year period in several countries, but the bulk of them have been carried out in Japan.
The attackers “perform operations with surgical precision, getting all the valuable data they can from the first contact, deleting traces of their work and melting into the background to await the next high profile individual,” the company said.
The hackers trick guests into downloading and installing a malicious program that pretends to be an update for well-known legitimate software such as Adobe Flash or Google Toolbar when they access Wi-Fi using their surnames and room numbers at the login.
A footprint in the code used in the malicious program points to “a Korean-speaking actor,” Kaspersky said. The company did not name any hotels or victims.
Kapersky said 2,000 terminals, or two-thirds of units confirmed to have been infected, were found in Japan. Infected terminals were also confirmed in China and Taiwan.