Kaspersky Lab specialists have described a new Chinese-speaking hacker group that has been attacking high-ranking officials in Southeast Asia since at least July 2020. The group used very sophisticated tools capable of running on Windows 10.
The group was named GhostEmperor. The hackers sought long-term access to victims' computers through a rootkit that runs on Windows 10, and the malware managed to go unnoticed for months.
Experts found that the hackers used exploits for Apache, Oracle and Microsoft Exchange servers to break into networks close to the target, and then moved on to more sensitive systems within the victim's network. GhostEmperor used a set of different scripts and tools to deploy backdoors on the target network. The backdoors were then used to load the Cheat Engine tool, which helped to bypass the Windows PatchGuard protection and install the rootkit in the OS.
The researchers said that the rootkit, dubbed Demodex, was extremely advanced and allowed the group to retain access to the victim’s device even after reinstalling the system.
Kaspersky Lab specialists did not disclose who the group was hunting. All they said was that GhostEmperor was targeting government agencies and telecommunications companies in Southeast Asia (Malaysia, Thailand, Vietnam and Indonesia), as well as in Egypt, Afghanistan and Ethiopia.