DarkHotel (APT-C-06 / ATK52 / DUBNIUM): The Global Espionage Network Behind Elite Cyber Intrusions

This report profiles DarkHotel (APT‑C‑06), a long‑running, likely state‑sponsored espionage actor attributed to South Korea that has evolved from hotel Wi‑Fi infection operations to supply‑chain and cloud exploitation; it documents targeting (diplomats, defense contractors, executives), modular malware families (Inexsmar, Karba, Tapaoux, Nemim/Nemin, Pioneer/Luder), use of zero‑days and valid digital certificates, C2 techniques, and operational history with mitigation recommendations.