A shadowy cyber group from China, known as ‘GhostEmperor’, has resurfaced after a two-year absence, showcasing even more advanced evasion techniques. This group, infamous for its intricate attacks on Southeast Asian telecom and government sectors, was recently identified by cybersecurity experts.
Sygnia, a cybersecurity firm, reported on Wednesday that ‘GhostEmperor’ was implicated in a recent breach. The incident involved a compromised network that served as a stepping stone to infiltrate additional systems.
This marks the first detailed report on ‘GhostEmperor’ since its initial discovery by Kaspersky Lab in 2021. Amir Sadon of Sygnia expressed uncertainty about the lack of reports on the group’s activities during the hiatus, suggesting either a period of dormancy or simply a gap in detection.
‘GhostEmperor’ is notorious for utilizing a complex tool known as a kernel-level rootkit, typically associated with state-backed cyber groups due to the significant resources required for its development and deployment.
This rootkit grants the group privileged access to the core of the operating system, enabling them to circumvent endpoint detection and response (EDR) systems and other security measures.
Sygnia’s findings indicate that the rootkit, referred to as ‘Demodex’ by Kaspersky, has undergone substantial updates. Particularly noteworthy is the altered attack sequence, revealing ‘GhostEmperor’s adoption of more refined tools and covert tactics.
The 2021 Kaspersky report lauded the technical prowess of ‘GhostEmperor’s hackers, noting their targeting of prominent organizations across Malaysia, Thailand, Vietnam, Indonesia, and even beyond Southeast Asia.
The report highlighted the strategic significance of infections in regions with connections to Southeast Asia, suggesting espionage motives aligned with geopolitical interests.
Sygnia emphasized the supply-chain dimension of the attack, pointing out the aggressor’s strategy to extend their reach into partner networks once a foothold was established.
Azeem Aleem of Sygnia underscored the evolution of ‘GhostEmperor’ since the initial Kaspersky report, particularly the sophisticated means by which the rootkit now evades EDR protections. He also stressed the importance of environmental awareness to mitigate the impact of such breaches.
Aleem’s message is clear: absolute security is unattainable, but minimizing the duration and impact of breaches is crucial. He advocates for a proactive approach, focusing on preventative strategies rather than succumbing to fear or uncertainty.

It seems like it is just a matter of time before the hackers have the upper hand.
I agree with that statement. There needs to be way more security measures in place. The government and these other companies aren’t doing a whole lot to upgrade what needs to be improved. Also, it doesn’t help when there are companies you trust that sell your information.
Nice post! If you wouldn’t mind, subscribe for free to our blog at the homepage https://neuralaym.com/ for unique neurological tales! Also, to learn all about some intelligence boosting tools- check this out- https://linktr.ee/neuralaym
Thank you very much. 😎