DarkHotel (or Darkhotel) is a targeted spear-phishing spyware and malware-spreading campaign that appears to be selectively attacking business hotel visitors through the hotel's in-house WiFi network.[3][4]
The attacks specifically target senior company executives,[5] using forged digital certificates, generated by factoring the underlying weak public keys of real certificates, to convince victims that prompted software downloads are valid.
Zetter (2014) explains that the group, dubbed DarkHotel or Tapaoux, has also been actively infecting users through spear-phishing and peer-to-peer networks since 2007 and using those attacks to load keylogging and reverse engineering tools onto infected endpoints.[7]
The targets are primarily executives in investments and development, government agencies, defense industries, electronic manufacturers and energy policy makers.[9]
Once attackers are in the victim's computer(s), sensitive information such as passwords and intellectual property is quickly stolen before the attackers erase their tools in the hope of not getting caught, in order to keep the high-level victims from resetting all of the passwords for their accounts.