Notorious Chinese Hacker Gang GhostEmperor Re-Emerges After 2 Years

July 19, 2024 at 11:36AM

The sophisticated Chinese hacking group GhostEmperor has reappeared after a two-year hiatus with updated and advanced tactics, as revealed by cybersecurity firm Sygnia. The group targeted telecommunications and government entities in Southeast Asia using customized malware and evasion methods. The recent intrusion featured an evolved attack chain and supports the assessment that the group is state-sponsored.

The key takeaways are:

– The Chinese hacking group GhostEmperor has re-emerged after a two-year hiatus with enhanced capabilities and evasion tactics, as reported by cybersecurity firm Sygnia.
– Sygnia’s investigation revealed the group’s use of an updated Demodex rootkit and new obfuscation techniques, indicating the potential existence of a newer version than previously documented by Kaspersky Lab in 2021.
– GhostEmperor has altered its infection chain by utilizing the WMIExec tool from the Impacket Toolkit for initiating the infection process, displaying an increased level of sophistication and stealthiness.
– The group was initially known for targeting high-profile entities in Southeast Asia and has now expanded its scope of operations to include additional regions such as Egypt, Ethiopia, and Afghanistan.
– Chinese threat actors have shown increased activity, with other groups like APT40 and Velvet Ant also engaging in targeted cyber attacks.

These takeaways encapsulate the recent activities and evolutions within the realm of Chinese threat actors and their cyber operations, suggesting a heightened level of sophistication and ambition in their activities.