The DarkHotel hacking group has returned, but this time they're focusing on a different target, using a new strain of Inexsmar malware. The so-called 'DarkHotel' group has been active for over a decade, with a signature brand of cybercrime that targets business travelers with malware attacks, using the Wi-Fi in luxury hotels across the globe.
The actors behind DarkHotel have changed tactics again, using a new form of malware known as Inexsmar to attack political targets. Researchers have linked the Inexsmar campaign to DarkHotel because of similarities with payloads delivered by previous campaigns.
References: Hackers are Attacking Wi-Fi of Hotel with a Particular Evil Malware | DarkHotel Perfects a New Attack Gambit for Political Targets | DarkHotel Hackers are Going After Political Targets Instead of CEOs with New Inexsmar Malware
HSBC, a British–Hong Kong multinational banking and financial services holding company, is the aim of a malspam campaign spreading a TrickBot banking Trojan. An email with the subject of “Account secure documents” is pretending to come from HSBC but is actually coming from a look alike domain.
Malicious actors are sending these spoof emails from various registered domains that look like genuine bank domains. The emails have subjects that are designed to entice you or alarm you into blindly opening the attachment or clicking the link in the email to see what is happening. The email attachment contains either a macro script or an embedded OLE object that will infect your device.
*IP addresses provided by Recorded Future.
Want to learn about Alert Logic products in more detail? Call us direct at +1.877.484.8383, for the UK call +44 (0) 203 011 5533, or complete this form. An Alert Logic representative will contact you soon.