Chinese espionage group targets newfound weaknesses in Exchange, targets giant companies in South-East Asia

DFRAC Editor October 13, 2021

At the Security Analyst Summit held on September 30, 2021, the security company Kaspersky Lab released a report on a new cyber espionage group called GhostEmperor, which has been using new techniques to launch cyberattacks on servers.

GhostEmperor's main targets are government and telecommunications services in Malaysia, Thailand and Indonesia, with victims spanning all the way to Afghanistan and Egypt.

The group is said to be focused on gaining long-term access to its victims and uses a highly sophisticated toolkit that is even compatible with Windows 10, further increasing the risk.

GhostEmperor gained entry by exploiting vulnerabilities in server applications such as Oracle and Microsoft Exchange, using them as the way into the target servers.

In the report, Kaspersky detailed how GhostEmperor uses different scripts and tools to infiltrate the network via its backdoors.

[Figure: The architecture used by the attackers to stage shellcode buffers in the winlogon.exe process in order to handle various remote control features. Courtesy: Kaspersky]

After infiltrating the network, the backdoor is used to install the open-source Cheat Engine, a tool primarily used by gamers to apply cheat codes to their games. This was then used to load a very powerful rootkit called Demodex onto the server.

The toolkit is built in such a way that it remains on the system even after the operating system is reinstalled and updated to Windows 10.

The main reason this group stands out is its use of anti-forensics and anti-analysis techniques, which hindered the security researchers trying to analyse its malware.

They also packaged fake data and sent it to the command-and-control server rather than sending the real data. The level of sophistication GhostEmperor displays is something to keep an eye on.
