The Hacking Team leak did more than reveal a list of governments that own and use spyware; it also released a number of previously unknown zero-day exploits into the wild. As software companies scramble to patch the vulnerabilities, hackers are more than happy to use them for their own ends. It has been discovered that the notorious Darkhotel APT has already adopted these new attack vectors for its own use.
Darkhotel is a sophisticated Advanced Persistent Threat that was discovered last year. What sets it apart from most APTs is that it uses hotel WiFi and internet connections to deliver its payload, and that it has very specific targets in mind when acting. These targets are often high-ranking government officials or important businessmen who travel and stay at these hotels. It is still unknown how the Darkhotel group knows where and when to deploy its malware to target these individuals.
It has now returned to activity despite being exposed by Kaspersky, and this time appears to be using an Adobe Flash Player exploit that was made known by the Hacking Team leak.
There is some amount of irony in government officials being spied on using techniques and exploits they themselves may have been using to spy on people. That being said, the new 2015 version of Darkhotel is designed to identify anti-virus technologies from 27 vendors, with the intention of bypassing them, which makes it a very dangerous piece of malware.