Domino effect and Darkhotel APTs

Written by Enrico Frumento, CEFRIEL

One of the most interesting aspects of the Hacking Team exploit is not only its impact on the enterprise itself, in terms of both tangible and intangible assets (which studies have started to investigate, though not many), but also its impact on other enterprises in a domino effect, caused by the tangible assets stolen from Hacking Team (their hacking tools, their 0-day exploits and so on) being used against others.

From this point of view, the situation is very similar to the leakage of NSA exploits and tools. Interestingly, the intent of the Hacking Team hacker was to spread the stolen assets and the company's intellectual property worldwide, in order to deepen its defeat and thus, in the end, to increase the impact on its intangible assets.

One recent example of this effect is reported in the papers and reports listed in this blog post.

In this case, the Darkhotel Organized Crime Group (OCG) used some of the 0-day exploits stolen from the Hacking Team company. This domino effect is also a consequence of the level of commoditisation of cyber crime, and we will see it happen many more times.

As an attack, this is the best example of a targeted attack you may find: laser-cut around its victims, using an ad-hoc glocalised approach, advanced social engineering and so on. Read the report to see how advanced the victim selection tactics of this attack are.

Interestingly, this news is also proof that among the most valuable assets of an OCG are an efficient malware forge and brilliant (if evil) business plans.




This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme, under grant agreement No. 653618