The Chinese hacker group GhostEmperor [1] [2] [3] [4], known for targeting telecommunications and government entities in Southeast Asia [1] [3] [4], has re-emerged in 2024 with more advanced capabilities and evasion techniques [4].
Description
Recent activities by the group were uncovered by the cybersecurity firm Sygnia, revealing an updated version of the Demodex kernel-level rootkit and a more sophisticated infection chain [4]. The attackers compromised an unnamed organization’s network and, from there, infiltrated systems belonging to the organization’s business partners [1] [2] [3], showing both the breadth of their operations [4] and their improved evasion tactics [1] [3]. In this recent breach, GhostEmperor used the WMIExec tool to execute commands remotely and evade EDR software [4]. Chinese threat actors, including APT40 and Velvet Ant, have been increasingly active, targeting organizations globally with sophisticated attack strategies [4]. The resurgence of GhostEmperor highlights the ongoing threat posed by Chinese hacker groups in the cybersecurity landscape [4].
Conclusion
The resurgence of GhostEmperor and other Chinese hacker groups underscores the persistent threat they pose to organizations worldwide. It is crucial for businesses to enhance their cybersecurity measures to defend against such sophisticated attacks. As these threat actors continue to evolve and improve their tactics, organizations must stay vigilant and proactive in protecting their networks and data. The ongoing presence of groups like GhostEmperor serves as a reminder of the ever-changing and complex nature of cybersecurity threats.
References
[1] https://aboutdfir.com/infosec-news-nuggets-7-19-2024/
[2] https://www.scmagazine.com/brief/ghostemperor-reemerges-from-over-two-year-hiatus
[3] https://databreaches.net/2024/07/19/ghostemperor-returns-mysterious-chinese-hacking-group-spotted-for-first-time-in-two-years/
[4] https://www.darkreading.com/threat-intelligence/notorious-chinese-hacker-gang-re-emerges-after-two-years