A previously elusive Chinese hacking group known as GhostEmperor has resurfaced after more than two years of silence. This group is infamous for its sophisticated supply-chain attacks targeting telecommunications and government sectors in Southeast Asia. Cybersecurity firm Sygnia reported that GhostEmperor was involved in a recent incident where it compromised a client’s network to access another victim’s systems.
This marks the first update on GhostEmperor since Kaspersky Lab identified the group in 2021. Amir Sadon, Sygnia’s director of incident response research, expressed uncertainty about the lack of public reports regarding the group’s activities during the past two years, suggesting that the gap could stem from either reduced activity or diminished visibility.
GhostEmperor is known for using a kernel-level rootkit, a class of tool typically associated with state-sponsored actors because of the resources its development requires. Running inside the core of the operating system, the rootkit lets the group evade common security controls such as endpoint detection and response (EDR) tools.
Sygnia’s findings indicate that the rootkit, named Demodex by Kaspersky, has evolved, showcasing a more intricate infection process that highlights the group’s enhanced stealth and sophistication. Kaspersky’s earlier reports noted GhostEmperor’s targeting of high-profile entities across Southeast Asia and other regions, suggesting that the group may exploit connections to spy on geopolitically significant activities.
The supply-chain implications of the recent attack are particularly concerning, as the group used its foothold in one network to infiltrate the networks of the client’s business partners. Sygnia’s managing director, Azeem Aleem, emphasized the need for organizations to understand their environments better to minimize exposure to breaches, acknowledging that while complete security is unattainable, proactive strategies can help reduce the duration of adversarial access.