"Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behaviour," said Kaspersky Lab's principal security researcher, Kurt Baumgartner.
"This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision."
Exactly why hotels were used to stage the attacks is not clear although it could be that the individuals are simply less well defended when they travel. Although Asian targets were foremost, the attackers could easily re-purpose the attacks to point at executives from other countries, he suggested.
The MO of following VIPs using hotel bookings is unusual but not unknown - in 2013 it was revealed that Britain's GCHQ has a software system that does just that for global diplomats. The idea that the same approach could be adapted for business leaders is no stretch.
Could it be defended against? Using a hotel's captive portal, no. If that's compromised, even a VPN or HTTPS connection can be undermined. For the time being, the only answer appears to be 3G/4G if such a thing is available, or a public Wi-Fi system that steers away from hotel infrastructure.