Darkhotel
Darkhotel, DUBNIUM, Zigzag Hail
[Darkhotel](https://attack.mitre.org/groups/G0012) is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage operations conducted via hotel Internet networks against traveling executives and other select guests. [Darkhotel](https://attack.mitre.org/groups/G0012) has also conducted spearphishing campaigns and infected victims through peer-to-peer and file sharing networks. (Citation: Kaspersky Darkhotel) (Citation: Securelist Darkhotel Aug 2015) (Citation: Microsoft Digital Defense FY20 Sept 2020)
Techniques: 24 | Covered: 22 | Gaps: 2 | Coverage: 92% (22/24)
COVERED (22)
- T1016 System Network Configuration Discovery: 35 det.
- T1027.013 Encrypted/Encoded File: 7 det.
- T1036.005 Match Legitimate Resource Name or Location: 44 det.
- T1056.001 Keylogging: 4 det.
- T1057 Process Discovery: 18 det.
- T1059.003 Windows Command Shell: 79 det.
- T1080 Taint Shared Content: 2 det.
- T1082 System Information Discovery: 80 det.
- T1083 File and Directory Discovery: 48 det.
- T1091 Replication Through Removable Media: 8 det.
- T1105 Ingress Tool Transfer: 170 det.
- T1124 System Time Discovery: 4 det.
- T1140 Deobfuscate/Decode Files or Information: 55 det.
- T1189 Drive-by Compromise: 10 det.
- T1203 Exploitation for Client Execution: 71 det.
- T1204.002 Malicious File: 397 det.
- T1497 Virtualization/Sandbox Evasion: 12 det.
- T1497.001 System Checks: 6 det.
- T1518.001 Security Software Discovery: 8 det.
- T1547.001 Registry Run Keys / Startup Folder: 50 det.
- T1553.002 Code Signing: 3 det.
- T1566.001 Spearphishing Attachment: 850 det.