Hackers used hotel Wi-Fi to steal business executive's data, researchers say

Business executives visiting luxury hotels in Asia have been infected with malware delivered over public Wi-Fi networks, Russian security firm Kaspersky Lab has discovered. Kaspersky, which nicknamed the attack “Darkhotel,” declined to name specific hotels or guests who were victims of the attack, saying the investigation was ongoing. The company said it was working with law enforcement.

The hackers managed to tweak their code to ensure that only machines belonging to specific targets were infected, not all visitors’ PCs, and may have included state-sponsored hacking. They also seemed to have advance knowledge of their victims’ whereabouts and which hotels they would be visiting, Kaspersky said. Operating methodically — almost as though they have a hit list — the hackers never target the same person twice, Costin Raiu, director of global research and analysis at Kaspersky Lab, told ABC News.

"It seems to us that the main focus is to get further access into their networks," Raiu said of the incidents. "Perhaps the executives are not exactly the primary target," he said. "Of course these guys happen to have interesting information, but I believe the attackers want to look deeper into these companies."

Virtual Event

Hotel Optimization Part 3 | January 27, 2021

With 2020 behind us and widespread vaccine distribution on the horizon, the second half of the new year is looking up, but for Q1 (and most likely well into Q2) we’re very much still in the thick of what has undeniably been the lowest point of the pandemic. What can you be doing now to power through and set yourself up for a prosperous 2021 and beyond? Join us at Part 3 of Hotel Optimization – A Virtual Event on January 27 from 10am – 1:05pm ET for expert panels focused on getting you back to profitability.


After connecting to an infected hotel network, travelers are asked to install seemingly legitimate updates to products such as Adobe Flash and Google Toolbar, but actually contain infected software. That allowed attackers to figure out which victims were most significant and download additional malware. After the attack, the hackers would harvest cached and stored passwords, the Wall Street Journal reports. Hackers cover their tracks by deleting these tools off hotel networks afterward.

In 2012, the FBI issued a general warning to U.S. government officials, businessmen and academics, advising them to use caution when updating computer software via hotel Internet connections when traveling abroad, Reuters reports. Kaspersky's report goes further in detailing the scale, methods and precise targeting of these attacks on top business travelers.