Threat Intelligence, Supply chain

GhostEmperor reemerges from over two-year hiatus

Share
(Adobe Stock)

Chinese threat group GhostEmperor has become even more covert in its operations more than two years after targeting Southeast Asian telecommunications firms and government organizations with advanced supply chain intrusions, reports The Record, a news site by cybersecurity firm Recorded Future.

Attackers leveraged an updated version of the Demodex kernel-level rootkit with more advanced tools and obfuscation techniques to compromise an unnamed organization's network to infiltrate systems belonging to the organization's other business partners, according to a report from Sygnia. Aside from enabling access to a part of the operating system requiring the highest privileges, Demodex also allowed endpoint detection and response software evasion. "We are seeing, again and again — especially in this scenario, when we went into the customer’s domain — that people are not aware of their environment," said Sygnia Managing Director Azeem Aleem, who called for the implementation of measures aimed at curbing breach times and mitigating attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.