Researchers from Kaspersky reveal that a Chinese-speaking threat actor named “GhostEmperor” is targeting several government entities and telecom companies in Southeast Asia. The group is known for its custom Windows kernel-mode rootkit.

“To bypass the Windows Driver Signature Enforcement mechanism, GhostEmperor uses a loading scheme involving a component of an open-source project named ‘Cheat Engine.’ This advanced toolset is unique and Kaspersky researchers see no similarity to already known threat actors,” reads the report.


Kaspersky experts also believe that these tools have been in use since at least July 2020. Experts also believe the group uses “a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers.”

Cheat Engine is mostly used for cheating in computer games and is sometimes modified and recompiled to evade detection. It searches the computer’s memory for values entered by the user, with a wide variety of options that allow the user to find and sort through the results.

“GhostEmperor is a clear example of how cybercriminals look for new techniques to use and new vulnerabilities to exploit. Using a previously unknown, sophisticated rootkit, they brought new problems to the already well-established trend of attacks against Microsoft Exchange servers,” says David Emm, security expert at Kaspersky.

At the time of writing, Kaspersky has not made the IoCs public. Customers of Kaspersky’s Threat Intelligence products can reach out to Kaspersky for more information about this malware.
