New DarkHotel APT attack chain identified
This attack chain is attributed to the Dark Hotel APT group with a high level of confidence due to the below reasons:
1. The multi-layer malicious document which drops a scriptlet post-exploitation.
2. Filename of the dropped file system artifacts such as the scriptlet file – googleofficechk.sct
3. The command-and-control (C2) commands are the same as earlier payloads used by Dark Hotel.
4. Timestamps of the dropped payloads are around the same timeframe when previously documented Dark Hotel APT activity was observed.
Featured Resources
Subscribe to Our Blog
Subscribe now to get the latest insights, expert tips and updates on threat exposure validation.
Subscribe