G0012
G0012Darkhotel
Description
[Darkhotel](https://attack.mitre.org/groups/G0012) is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage operations conducted via hotel Internet networks against traveling executives and other select guests. [Darkhotel](https://attack.mitre.org/groups/G0012) has also conducted spearphishing campaigns and infected victims through peer-to-peer and file sharing networks.(Citation: Kaspersky Darkhotel)(Citation: Securelist Darkhotel Aug 2015)(Citation: Microsoft Digital Defense FY20 Sept 2020)
References
- https://attack.mitre.org/groups/G0012
- https://securelist.com/darkhotels-attacks-in-2015/71713/
- https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070903/darkhotel_kl_07.11.pdf
- https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWxPuf
- https://www.microsoft.com/security/blog/2016/07/14/reverse-engineering-dubnium-stage-2-payload-analysis/
- https://www.microsoft.com/security/blog/2016/06/20/reverse-engineering-dubniums-flash-targeting-exploit/
- https://www.microsoft.com/security/blog/2016/06/09/reverse-engineering-dubnium-2/
Software attributed to this1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Software | Ramsays0458 | 100% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.