Threat Group Cards: A Threat Actor Encyclopedia

Names	RevengeHotels (Kaspersky)
Country	[Unknown]
Motivation	Information theft and espionage
First seen	2015
Description	(Kaspersky) RevengeHotels is a campaign that has been active since at least 2015, revealing different groups using traditional RAT malware to infect businesses in the hospitality sector. While there is a marked interest in Brazilian victims, our telemetry shows that their reach has extended to other countries in Latin America and beyond. The use of spear-phishing emails, malicious documents and RAT malware is yielding significant results for at least two groups we have identified in this campaign. Other threat actors may also be part of this wave of attacks, though there is no confirmation at the current time.
Observed	Sectors: Hospitality. Countries: Argentina, Bolivia, Brazil, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand, Turkey.
Tools used	888 RAT, NanoCore RAT, njRAT, RevengeRAT.
Information	<https://securelist.com/revengehotels/95229/>

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format