Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Higesa 2020

The DarkHotel threat group, also known as Higesa, targeted various entities across multiple countries with spear-phishing emails containing a malicious attachment. Once opened by the victim, the malware dropped the Gh0st RAT trojan to steal a range of sensitive information including screen captures, keystrokes, audio recordings, emails, and files. The actor used Happy New Year themed emails as a decoy and a range of techniques for persistence and defense evasion including hooking, masquerading, obfuscation, and DLL search order hijacking.
Name Modified Date Sources
Operation Higesa 2020 2020-03-18