

Chinese espionage group deploys new rootkit compatible with Windows 10 systems

At the SAS 2021 security conference today, analysts from security firm Kaspersky Lab have published details about a new Chinese cyber-espionage group that has been targeting high-profile entities across South East Asia since at least July 2020.

Kaspersky said the group, named GhostEmperor, uses highly sophisticated tools and is often focused on gaining and keeping long-term access to its victims through the use of a powerful rootkit that can even work on the latest versions of Windows 10 operating systems.

"We observed that the underlying actor managed to remain under the radar for months," Kaspersky researchers explained today.

The entry points for GhostEmperor's hacks were public-facing servers. Kaspersky believes the group used exploits for Apache, Oracle, and Microsoft Exchange servers to breach a target's perimeter network and then pivoted to more sensitive systems inside the victim's network.

According to a technical report released during the conference today, GhostEmperor used an assortment of different scripts and tools to deploy backdoors inside a victim's network.

This backdoor (an in-memory implant) was then used to download and run Cheat Engine, a tool used by online gamers to introduce cheats in their favorite video games.

Kaspersky said GhostEmperor used Cheat Engine's powerful drivers to bypass the Windows PatchGuard security feature and install a rootkit inside the victim's Windows OS.

Called Demodex, researchers said the rootkit was extremely advanced and allowed the group to maintain access to the victim's device even after OS reinstalls and even on systems running recent versions of the Windows 10 OS.

But this wasn't GhostEmperor's only trick.

Kaspersky also noted that the group's malware was full of "a broad set of unusual and sophisticated anti-forensic and anti-analysis techniques" that tried to prevent or hinder security researchers trying to analyze their malware.

In addition, GhostEmperor used another clever trick that consisted of modifying the communications between infected hosts and its command and control servers by re-packaging data as fake multimedia formats.

The tool’s drivers can help bypass the Windows PatchGuard security gateway, opening the path for installing the rootkit into the victim’s Windows operating system. The rootkit has been named “Demodex,” and according to the team, is highly advanced, allowing the group to remain in contact with the victim’s system even in the face of OS reinstalls.

Anti-forensic Malware

Apparently, that’s not the only trick GhostEmperor had up their sleeves, as Kaspersky has noted that their malware came equipped with a number of “unusual and sophisticated” tools having anti-forensic and anti-analysis properties. This, they believe, made it difficult for security researchers to analyse the rootkit.

Moreover, the espionage group also re-packaged data into fake multimedia formats, in order to modify the communications between infected hosts and their command and control servers. For example, if any security app came across the group’s malware, all it would find would be files classified as JPEG, RIFF, or PNG, hosted on an Amazon server.
