Researchers from Kaspersky reveal that a Chinese-speaking threat actor named “GhostEmperor” is targeting several government entities and telecom companies in Southeast Asia. The group is known for its custom Windows kernel-mode rootkit.
“To bypass the Windows Driver Signature Enforcement mechanism, GhostEmperor uses a loading scheme involving a component of an open-source project named ‘Cheat Engine.’ This advanced toolset is unique and Kaspersky researchers see no similarity to already known threat actors,” reads the report.
Kaspersky experts also believe that these tools have been in use since at least July 2020. Experts also believe the group uses “a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers.”
Cheat Engine is mostly used for cheating in computer games and is sometimes modified and recompiled to evade detection. It scans the computer’s memory for values entered by the user, with a wide variety of options that let the user find, filter and sort through matching memory locations.
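The defensive angle on the Driver Signature Enforcement bypass described above is that the kernel-mode driver it relies on is a legitimately signed third-party component, so “the driver is signed” is not a clean bill of health on a server; the anomaly is a signer and a file that have no business on a government or telecom host. The following PowerShell is an added triage script (it is not from the article or from Kaspersky) that enumerates running kernel drivers, checks their Authenticode signatures, and flags anything unsigned, signed by a non-Microsoft publisher, or matching a watch-list of file names. The watch-list entry is a placeholder you would replace from your own threat intelligence; the article publishes no file names or indicators.

```powershell
# Added example, not from the article: triage running kernel-mode drivers by signer.
# $WatchList is a PLACEHOLDER (assumption) - fill it from your own threat intel.
$WatchList = @('placeholder-game-cheat-driver.sys')

function Get-DriverSignatureReport {
    [CmdletBinding()]
    param(
        [string[]] $WatchList = @()
    )
    # Win32_SystemDriver lists kernel drivers and file-system drivers as services.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # PathName may use the \??\C:\... or \SystemRoot\... forms; normalise to a plain path.
        $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"

        if (-not (Test-Path -LiteralPath $path)) {
            # A running driver whose image is gone from disk deserves a look.
            [pscustomobject]@{ Name = $d.Name; Path = $path; Status = 'FileNotFound'; Signer = $null; Flag = 'Review' }
            continue
        }

        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        $flag = 'OK'
        if ($sig.Status -ne 'Valid')           { $flag = 'UnsignedOrInvalid' }
        elseif ($signer -notmatch 'Microsoft') { $flag = 'ThirdPartySigner' }
        # A watch-list hit outranks a valid signature: the whole point of the
        # technique is that the loaded component carries a legitimate signature.
        if ($WatchList -contains (Split-Path -Leaf $path)) { $flag = 'WatchListMatch' }

        [pscustomobject]@{ Name = $d.Name; Path = $path; Status = $sig.Status; Signer = $signer; Flag = $flag }
    }
}

# Show only what needs attention, most severe category first by name.
Get-DriverSignatureReport -WatchList $WatchList |
    Where-Object { $_.Flag -ne 'OK' } |
    Sort-Object Flag, Name |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the host being triaged. Treat the output as a starting point rather than a verdict: some in-box Windows drivers are catalog-signed rather than embedded-signed and may report a status other than `Valid` on older builds, so the useful signal is a third-party signer or watch-list hit on a system that should only be running vendor and Microsoft drivers.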
“GhostEmperor is a clear example of how cybercriminals look for new techniques to use and new vulnerabilities to exploit. Using a previously unknown, sophisticated rootkit, they brought new problems to the already well-established trend of attacks against Microsoft Exchange servers,” says David Emm, security expert at Kaspersky.
At the time of writing, Kaspersky has not made the IoCs public. Customers of Kaspersky’s Threat Intelligence products can reach out to them for more information about this malware.