Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 03:18:18 UTC
Home > List all groups > RevengeHotels
 APT group: RevengeHotels
Names RevengeHotels (Kaspersky)
Country [Unknown]
Motivation Information theft and espionage
First seen 2015
Description
(Kaspersky) RevengeHotels is a campaign that has been active since at least 2015, revealing
different groups using traditional RAT malware to infect businesses in the hospitality sector.
While there is a marked interest in Brazilian victims, our telemetry shows that their reach has
extended to other countries in Latin America and beyond.
The use of spear-phishing emails, malicious documents and RAT malware is yielding
significant results for at least two groups we have identified in this campaign. Other threat
actors may also be part of this wave of attacks, though there is no confirmation at the current
time.
Observed
Sectors: Hospitality.
Countries: Argentina, Bolivia, Brazil, Chile, Costa Rica, France, Italy, Mexico, Portugal,
Spain, Thailand, Turkey.
Tools used 888 RAT, NanoCore RAT, njRAT, RevengeRAT.
Information Last change to this card: 14 April 2020
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e1bdf2aa-a235-4f3e-bbbe-a7e7c70de802
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e1bdf2aa-a235-4f3e-bbbe-a7e7c70de802
Page 1 of 1