Threat actor · all actors
DarkhotelG0012 state
🇰🇷 KR
aka Darkhotel, DUBNIUM, Zigzag Hail, Fallout Team, Karba, Luder, Nemim, Nemin, Tapaoux, Pioneer, Shadow Crane, APT-C-06, SIG25, TUNGSTEN BRIDGE, T-APT-02, G0012, ATK52
Last updated: 2026-07-03
About this actor
[Darkhotel](https://attack.mitre.org/groups/G0012) is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage operations conducted via hotel Internet networks against traveling executives and other select guests. [Darkhotel](https://attack.mitre.org/groups/G0012) has also conducted spearphishing campaigns and infected victims through peer-to-peer and file sharing networks.(Citation: Kaspersky Darkhotel)(Citation: Securelist Darkhotel Aug 2015)(Citation: Microsoft Digital Defense FY20 Sept 2020)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-3 | 17 / 34 | 50% |
SI-4 | 17 / 34 | 50% |
CM-2 | 16 / 34 | 47% |
CM-6 | 15 / 34 | 44% |
CA-7 | 13 / 34 | 38% |
CM-7 | 11 / 34 | 32% |
SI-7 | 11 / 34 | 32% |
SC-7 | 10 / 34 | 29% |
AC-4 | 9 / 34 | 26% |
AC-3 | 8 / 34 | 24% |
AC-6 | 8 / 34 | 24% |
SI-10 | 8 / 34 | 24% |
SI-2 | 8 / 34 | 24% |
IA-9 | 6 / 34 | 18% |
AC-2 | 5 / 34 | 15% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Frankenstein 0.38
- Sidewinder 0.36
- Windshift 0.35
- Tropic Trooper 0.34
- Higaisa 0.34
Same nation-state
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00