The DarkHotel global advanced threat actor group is targeting suit-wearing types with an old-school HTML application stuffed with the Adobe Flash exploit borrowed from stolen Hacking Team data.
The flaws were quickly patched after the Hacking Team goring in July, but DarkHotel appears to have started targeting the exploits before the fixes landed. The group’s efforts target the HTML application (.hta) to attack executives in at least nine nations, from Bangladesh, to North Korea and Germany.
Kaspersky researchers say the group will “relentlessly spearphish specific targets” over months in order to pull off a successful compromise.
“The DarkHotel advanced persistent threat group continues to spearphish targets around the world, with a wider geographic reach than its previous botnet buildout and hotel Wi-Fi attacks,” the researchers say.
view the full story here