
Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Higesa 2020

The DarkHotel threat group, also known as Higesa, targeted various entities across multiple countries with spear-phishing emails containing a malicious attachment. Once the victim opened the attachment, the malware dropped the Gh0st RAT trojan to steal a range of sensitive information, including screen captures, keystrokes, audio recordings, emails, and files. The actor used Happy New Year-themed emails as a decoy and a range of techniques for persistence and defense evasion, including hooking, masquerading, obfuscation, and DLL search order hijacking.

Name | Modified Date | Sources
Operation Higesa 2020 | 2020-03-18 |