Date: 2021-10-01

Criminals use new Windows 10 rootkit in cyber-espionage attacks
Cyber spies are using a new Windows-compatible rootkit to break into the systems of governments and telecom operators in Southeast Asia.
According to Kaspersky researchers, the cybercriminal group GhostEmperor used the Demodex rootkit as a backdoor, that is, malware used to gain remote access to and control of a system.
A rootkit is software, most often malicious, created to hide the existence of certain processes or programs from normal detection methods and to allow privileged access to a computer and its information.
According to the report, the gang uses the rootkit to gain access to companies' systems; then, by exploiting vulnerabilities in server software such as Apache, Windows IIS, Oracle and Microsoft Exchange, data such as documents, registry keys and network traffic are collected. Finally, according to Kaspersky researchers, GhostEmperor's attacks also make use of a sophisticated malware network that allows remote control of the attacked servers.
The GhostEmperor group
According to the report released by Kaspersky, the majority of attacks carried out by the GhostEmperor group targeted telecommunications operators and government organizations in countries such as Malaysia, Thailand, Vietnam and Indonesia, with a few reported occurrences in Egypt, Ethiopia and Afghanistan.
According to Kaspersky researchers, this group of criminals has demonstrated an enormous ability to remain hidden for months, technical skill in adapting the Demodex rootkit for Windows, and a deep understanding of how digital security experts think.
Finally, the conclusion Kaspersky researchers reached is that rootkits should still be considered a possible tactics, techniques and procedures (TTP) option used by criminals in cyber attacks.
More information about the GhostEmperor group's methods and about the Demodex rootkit can be found in the Kaspersky report.
Source: BleepingComputer, Kaspersky