🇧🇷

RevengeHotels

APT Group Information theft and espionage Financial crime 2 zero-day CVEs ETDA ✓

Also Known As

No alias recorded

Target Countries 15

Countries highlighted in red

Argentina Plurinational State of Bolivia Brazil Canada Chile Costa Rica Germany Spain France Italy Mexico Portugal Thailand Turkey United States

Sectors Targeted

Hospitality Accommodation 721

Details

Origin 🇧🇷 BR

Last Updated 10 Feb 2024

MITRE ATT&CK 19

T1021.001 - Remote Desktop Protocol T1021.005 - VNC T1027 - Obfuscated Files or Information T1055 - Process Injection T1059.001 - PowerShell T1059.007 - JavaScript T1070.001 - Clear Windows Event Logs T1071.001 T1091 - Replication Through Removable Media T1112 - Modify Registry T1140 - Deobfuscate/Decode Files or Information T1204 - User Execution T1210 T1553.005 - Mark-of-the-Web Bypass T1562.001 - Disable or Modify Tools T1566 - Phishing T1566.001 T1571 - Non-Standard Port T1574.002 - DLL Side-Loading

Related Zero-Days 2

CVE-2017-0199 CVE-2025-29824

Known Names 1 entries

RevengeHotels Kaspersky

Observed Target Countries 12

Based on ETDA data — countries highlighted in red

Argentina Bolivia Brazil Chile Costa Rica France Italy Mexico Portugal Spain Thailand Turkey

Description

(Kaspersky) RevengeHotels is a campaign that has been active since at least 2015, revealing different groups using traditional RAT malware to infect businesses in the hospitality sector. While there is a marked interest in Brazilian victims, our telemetry shows that their reach has extended to other countries in Latin America and beyond. The use of spear-phishing emails, malicious documents and RAT malware is yielding significant results for at least two groups we have identified in this campaign. Other threat actors may also be part of this wave of attacks, though there is no confirmation at the current time.

Tools Used 4

888 RAT NanoCore RAT njRAT RevengeRAT

Reports & References 1

https://securelist.com/revengehotels/95229/

ETDA Profile

RevengeHotels

Origin

[Unknown]

First Seen 2015

Motivation

Information theft and espionage

View on ETDA APT Groups ↗