ETDA ThaiCERT
Report
Search
Home > List all groups > RevengeHotels

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: RevengeHotels

NamesRevengeHotels (Kaspersky)
Country[Unknown]
MotivationInformation theft and espionage
First seen2015
Description(Kaspersky) RevengeHotels is a campaign that has been active since at least 2015, revealing different groups using traditional RAT malware to infect businesses in the hospitality sector. While there is a marked interest in Brazilian victims, our telemetry shows that their reach has extended to other countries in Latin America and beyond.

The use of spear-phishing emails, malicious documents and RAT malware is yielding significant results for at least two groups we have identified in this campaign. Other threat actors may also be part of this wave of attacks, though there is no confirmation at the current time.
ObservedSectors: Hospitality.
Countries: Argentina, Bolivia, Brazil, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand, Turkey.
Tools used888 RAT, NanoCore RAT, njRAT, RevengeRAT.
Information<https://securelist.com/revengehotels/95229/>

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: RedDelta
Next: Roaming Tiger

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key