Security News > 2021 > July > New Chinese Threat Group 'GhostEmperor' Targets Governments, Telecom Firms
A previously undocumented Chinese-speaking threat actor is targeting Microsoft Exchange vulnerabilities in an attempt to compromise high-profile victims, Kaspersky reveals.
According to Kaspersky, the toolset emerged as early as July 2020, with the threat actor targeting various entities in Southeast Asia, including governmental organizations and telecom companies.
Kaspersky identified the GhostEmperor cluster of activity while investigating various campaigns targeting Exchange servers.
This year, numerous threat actors targeted a series of Exchange vulnerabilities that Microsoft publicly disclosed in March, with most of the attacks attributed to Chinese adversaries.
According to Kaspersky GhostEmperor is a completely novel adversary, showing no similarities to known threat actors.
"GhostEmperor is a clear example of how cybercriminals look for new techniques to use and new vulnerabilities to exploit. Using a previously unknown, sophisticated rootkit, they brought new problems to the already well-established trend of attacks against Microsoft Exchange servers," David Emm, security expert at Kaspersky, said.