Inexsmar: An unusual DarkHotel campaign
The DarkHotel threat actors have been known to operate for a decade now, targeting thousands of businesses across the world via Wi-Fi infrastructure in hotels. Blending whaling (high-level spear phishing) techniques with advanced malware and other complex attack avenues (such as digital certificate factoring), the threat actors have been able to run their business undisturbed for years, except for the few times when samples of DarkHotel malware got documented in blog posts by threat researchers.
Our threat researchers have come across a very particular DarkHotel attack known as Inexsmar, which appears to mark a significant departure from the APT group’s traditional modus operandi. This sample dates back to September 2016 and seems to be used in a campaign that targets political figures rather than the usual corporate research and development personnel, CEOs and other senior corporate officials.
This attack uses a new payload delivery mechanism rather than the consecrated zero-day exploitation techniques, blending social engineering with a relatively complex Trojan to infect its selected pool of victims.
An in-depth analysis of this Inexsmar campaign can be downloaded here:
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
July 21, 2021
How We Tracked a Threat Group Running an Active Cryptojacking Campaign
July 14, 2021
A Note from the Bitdefender Labs Team on Ransomware and Decryptors
May 26, 2021
New Nebulae Backdoor Linked with the NAIKON Group
April 28, 2021
Good riddance, GandCrab! We’re still fixing the mess you left behind.
June 17, 2019