The South Korean DarkHotel hacking group has been spotted in a new campaign spanning December 2021 through January 2022. Trellix tracked the C2 IP address exposed in a December 2021 report by Zscaler to trace the actor’s activity. Two of the hotel chains confirmed as targeted in this campaign are the Grand Coloane Resort and the Wynn Palace, both 5-star hotels in Macao, China. These hotels were planning to host international conferences on trade, investment, and the environment. The campaign was likely aiming to lay the foundation for future espionage.”]

