Names | RevengeHotels (Kaspersky) | |
Country | [Unknown] | |
Motivation | Information theft and espionage | |
First seen | 2015 | |
Description | (Kaspersky) RevengeHotels is a campaign that has been active since at least 2015, revealing different groups using traditional RAT malware to infect businesses in the hospitality sector. While there is a marked interest in Brazilian victims, our telemetry shows that their reach has extended to other countries in Latin America and beyond. The use of spear-phishing emails, malicious documents and RAT malware is yielding significant results for at least two groups we have identified in this campaign. Other threat actors may also be part of this wave of attacks, though there is no confirmation at the current time. | |
Observed | Sectors: Hospitality. Countries: Argentina, Bolivia, Brazil, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand, Turkey. | |
Tools used | 888 RAT, NanoCore RAT, njRAT, RevengeRAT. | |
Information | <https://securelist.com/revengehotels/95229/> |
Last change to this card: 14 April 2020
Download this actor card in PDF or JSON format
Previous: RedHotel, TAG-22
Next: Riddle Spider
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |