Cyber Resilience

Threat actor · all actors

DarkhotelG0012 state

🇰🇷 KR

aka Darkhotel, DUBNIUM, Zigzag Hail, Fallout Team, Karba, Luder, Nemim, Nemin, Tapaoux, Pioneer, Shadow Crane, APT-C-06, SIG25, TUNGSTEN BRIDGE, T-APT-02, G0012, ATK52

Last updated: 2026-07-03

0attributed CVEs
34ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Darkhotel](https://attack.mitre.org/groups/G0012) is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage operations conducted via hotel Internet networks against traveling executives and other select guests. [Darkhotel](https://attack.mitre.org/groups/G0012) has also conducted spearphishing campaigns and infected victims through peer-to-peer and file sharing networks.(Citation: Kaspersky Darkhotel)(Citation: Securelist Darkhotel Aug 2015)(Citation: Microsoft Digital Defense FY20 Sept 2020)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-317 / 3450%
SI-417 / 3450%
CM-216 / 3447%
CM-615 / 3444%
CA-713 / 3438%
CM-711 / 3432%
SI-711 / 3432%
SC-710 / 3429%
AC-49 / 3426%
AC-38 / 3424%
AC-68 / 3424%
SI-108 / 3424%
SI-28 / 3424%
IA-96 / 3418%
AC-25 / 3415%

Co-occurring actors

None.

Similar actors

Similar TTPs