{
	"id": "3da588d9-0e07-4277-ab8b-f6cf42428a3a",
	"created_at": "2026-04-06T00:20:05.097946Z",
	"updated_at": "2026-04-10T03:29:57.966695Z",
	"deleted_at": null,
	"sha1_hash": "e29aa0ff3822c9543a8acc00f5898adfcd4170b7",
	"title": "LPN-0 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32958,
	"plain_text": "LPN-0 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 19:55:18 UTC\r\nMobile Threat Catalogue\r\nRogue Access Points\r\nContribute\r\nThreat Category: Network Threats: Wi-Fi\r\nID: LPN-0\r\nThreat Description: Public, unsecured access points are subject to rogue access point attacks. This could allow\r\nadversaries to man-in-the-middle traffic going to and from devices connected to the network.\r\nThreat Origin\r\nGuidelines for Securing Wireless Local Area Networks (WLANs) (SP 800-153) 1\r\nExploit Examples\r\nDarkhotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests 2\r\nCVE Examples\r\nPossible Countermeasures\r\nMobile Device User\r\nAvoid the use of untrusted and unencrypted Wi-Fi networks, particularly when needing to access sensitive\r\nservices.\r\nWhen needing to connect to untrusted and unencrypted Wi-Fi networks, attempt to verify with a representative of\r\nthe hosting organization (e.g., coffee shop employee) that the detected network is the correct one.\r\nTo reduce the probability of connecting to rogue access points, use Wi-Fi hotspot services that associate access\r\npoints with registered Wi-Fi provider, geolocation, and crowd-sourced reputation data to make assertions about\r\ntheir apparent trustworthiness.\r\nEnterprise\r\nTo reduce the probability of connecting to rogue access points, use Wi-Fi hotspot services that associate access\r\npoints with registered Wi-Fi provider, geolocation, and crowd-sourced reputation data to make assertions about\r\ntheir apparent trustworthiness.\r\nhttps://pages.nist.gov/mobile-threat-catalogue/lan-pan-threats/LPN-0.html\r\nPage 1 of 2\n\nTo avoid this threat, only allow mobile devices to connect to authorized Wi-Fi networks that use WPA2\r\nencryption.\r\nReferences\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/lan-pan-threats/LPN-0.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/lan-pan-threats/LPN-0.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/lan-pan-threats/LPN-0.html"
	],
	"report_names": [
		"LPN-0.html"
	],
	"threat_actors": [
		{
			"id": "1dadf04e-d725-426f-9f6c-08c5be7da159",
			"created_at": "2022-10-25T15:50:23.624538Z",
			"updated_at": "2026-04-10T02:00:05.286895Z",
			"deleted_at": null,
			"main_name": "Darkhotel",
			"aliases": [
				"Darkhotel",
				"DUBNIUM",
				"Zigzag Hail"
			],
			"source_name": "MITRE:Darkhotel",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "b13c19d6-247d-47ba-86ba-15a94accc179",
			"created_at": "2024-05-01T02:03:08.149923Z",
			"updated_at": "2026-04-10T02:00:03.763147Z",
			"deleted_at": null,
			"main_name": "TUNGSTEN BRIDGE",
			"aliases": [
				"APT-C-06 ",
				"ATK52 ",
				"CTG-1948 ",
				"DUBNIUM ",
				"DarkHotel ",
				"Fallout Team ",
				"Shadow Crane ",
				"Zigzag Hail "
			],
			"source_name": "Secureworks:TUNGSTEN BRIDGE",
			"tools": [
				"Nemim",
				"Tapaoux"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "2b4eec94-7672-4bee-acb2-b857d0d26d12",
			"created_at": "2023-01-06T13:46:38.272109Z",
			"updated_at": "2026-04-10T02:00:02.906089Z",
			"deleted_at": null,
			"main_name": "DarkHotel",
			"aliases": [
				"T-APT-02",
				"Nemim",
				"Nemin",
				"Shadow Crane",
				"G0012",
				"DUBNIUM",
				"Karba",
				"APT-C-06",
				"SIG25",
				"TUNGSTEN BRIDGE",
				"Zigzag Hail",
				"Fallout Team",
				"Luder",
				"Tapaoux",
				"ATK52"
			],
			"source_name": "MISPGALAXY:DarkHotel",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "c0cedde3-5a9b-430f-9b77-e6568307205e",
			"created_at": "2022-10-25T16:07:23.528994Z",
			"updated_at": "2026-04-10T02:00:04.642473Z",
			"deleted_at": null,
			"main_name": "DarkHotel",
			"aliases": [
				"APT-C-06",
				"ATK 52",
				"CTG-1948",
				"Dubnium",
				"Fallout Team",
				"G0012",
				"G0126",
				"Higaisa",
				"Luder",
				"Operation DarkHotel",
				"Operation Daybreak",
				"Operation Inexsmar",
				"Operation PowerFall",
				"Operation The Gh0st Remains the Same",
				"Purple Pygmy",
				"SIG25",
				"Shadow Crane",
				"T-APT-02",
				"TieOnJoe",
				"Tungsten Bridge",
				"Zigzag Hail"
			],
			"source_name": "ETDA:DarkHotel",
			"tools": [
				"Asruex",
				"DarkHotel",
				"DmaUp3.exe",
				"GreezeBackdoor",
				"Karba",
				"Nemain",
				"Nemim",
				"Ramsay",
				"Retro",
				"Tapaoux",
				"Trojan.Win32.Karba.e",
				"Virus.Win32.Pioneer.dx",
				"igfxext.exe",
				"msieckc.exe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434805,
	"ts_updated_at": 1775791797,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e29aa0ff3822c9543a8acc00f5898adfcd4170b7.pdf",
		"text": "https://archive.orkl.eu/e29aa0ff3822c9543a8acc00f5898adfcd4170b7.txt",
		"img": "https://archive.orkl.eu/e29aa0ff3822c9543a8acc00f5898adfcd4170b7.jpg"
	}
}