Chinese threat group GhostEmperor has become even more covert in its operations more than two years after targeting Southeast Asian telecommunications firms and government organizations with advanced supply chain intrusions, reports The Record, a news site by cybersecurity firm Recorded Future.
According to a report from Sygnia, the attackers used an updated version of the Demodex kernel-mode rootkit, bundled with additional tooling and heavier obfuscation, to compromise an unnamed organization's network and then pivot into systems belonging to that organization's business partners. Because Demodex runs in the kernel, the most privileged part of the operating system, it both gives the attackers that level of access and lets them evade endpoint detection and response (EDR) software. "We are seeing, again and again — especially in this scenario, when we went into the customer's domain — that people are not aware of their environment," said Sygnia Managing Director Azeem Aleem, who called for measures aimed at shortening breach times and mitigating attacks.