Security News > 2021 > September > GhostEmperor hackers use new Windows 10 rootkit in attacks
Chinese-speaking cyberspies have targeted Southeast Asian governmental entities and telecommunication companies for more than a year, backdooring systems running the latest Windows 10 versions with a newly discovered rootkit.
The hacking group, dubbed GhostEmperor by Kaspersky researchers who spotted it, use the Demodex rootkit, which acts as a backdoor to maintain persistence on compromised servers.
"To bypass the Windows Driver Signature Enforcement mechanism, GhostEmperor uses a loading scheme involving a component of an open-source project named 'Cheat Engine',"Kaspersky said in July when it released the first details regarding this threat actor.
GhostEmperor also uses a "Sophisticated multi-stage malware framework" that allows the attackers with remote control capabilities over breached devices to provide remote control over the attacked servers.
"The attackers conducted the required level of research to make the Demodex rootkit fully functional on Windows 10, allowing it to load through documented features of a third-party signed and benign driver."
Further technical details regarding GhostEmperor's tactics and the Demodex rootkit can be found in Kaspersky's deep dive and report.
News URL
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Windows 10 KB5045594 update fixes multi-function printer bugs (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Microsoft fixes Windows 10 bug causing apps to stop working (source)