ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > RevengeHotels

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: RevengeHotels

NamesRevengeHotels (Kaspersky)
MotivationInformation theft and espionage
First seen2015
Description(Kaspersky) RevengeHotels is a campaign that has been active since at least 2015, revealing different groups using traditional RAT malware to infect businesses in the hospitality sector. While there is a marked interest in Brazilian victims, our telemetry shows that their reach has extended to other countries in Latin America and beyond.

The use of spear-phishing emails, malicious documents and RAT malware is yielding significant results for at least two groups we have identified in this campaign. Other threat actors may also be part of this wave of attacks, though there is no confirmation at the current time.
ObservedSectors: Hospitality.
Countries: Argentina, Bolivia, Brazil, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand, Turkey.
Tools used888 RAT, NanoCore RAT, njRAT, RevengeRAT.

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: RedHotel, TAG-22
Next: Riddle Spider

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]