Heimdal

A new report shows that in Q2 2021 the threat environment experienced major growth in cyberattacks against Microsoft Exchange servers.

Last week, Kaspersky security specialists disclosed in Kaspersky’s APT Trends Q2 2021 report the specifics of a unique, long-standing Advanced Persistent Threat (APT) campaign dubbed GhostEmperor.

According to the report, the Chinese-speaking APT GhostEmperor took advantage of Microsoft Exchange flaws in order to attack high-profile entities with an advanced toolkit that had been functional from as early as July 2020.

The ongoing campaign performed by this hacking threat actor mostly targeted Southeast Asia-based organizations, including various government entities and telecommunications businesses.

The report indicates that the operation used a previously unknown Windows kernel-mode rootkit and an advanced multi-stage malware framework meant to provide remote control over the compromised servers.

Acting covertly, rootkits are notorious for hiding from investigators and security solutions. To bypass the Windows Driver Signature Enforcement mechanism, GhostEmperor uses a loading scheme involving a component of an open-source project named “Cheat Engine”. This advanced toolset is unique, and Kaspersky researchers see no similarity to already known threat actors.

Source
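Because the rootkit described above is loaded through a legitimately signed third-party component rather than by breaking Driver Signature Enforcement outright, a useful first check on a suspect host is simply to enumerate the kernel drivers that are actually running and surface the ones that are not Microsoft-signed or whose signature does not verify. The PowerShell below is an added illustration of that check; it is not code from the Kaspersky report or from Heimdal, uses only the built-in Win32_SystemDriver class and Get-AuthenticodeSignature, and assumes it is run with administrative rights on the host being examined.

```powershell
# Added example: list running kernel drivers with their Authenticode signer,
# flagging third-party or non-validating ones for analyst review.
# Not from the original article; requires an elevated PowerShell session.

$running = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName }

$report = foreach ($d in $running) {
    # PathName arrives in several forms: "\??\C:\...", "\SystemRoot\...",
    # or a path relative to the Windows directory. Normalise all of them.
    $path = $d.PathName -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not [System.IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot $path
    }
    if (-not (Test-Path -LiteralPath $path)) { continue }

    # Catalog-signed inbox drivers also resolve here, so a Microsoft
    # signer with Status 'Valid' is the expected baseline.
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    [PSCustomObject]@{
        Name       = $d.Name
        Path       = $path
        Status     = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer     = $signer
        ThirdParty = -not ($signer -like '*Microsoft*')
    }
}

# Anything third-party or not validating is a candidate for a closer look,
# not a verdict: the point of the technique in the article is that the
# loader itself carries a valid signature.
$report |
    Where-Object { $_.ThirdParty -or $_.Status -ne 'Valid' } |
    Sort-Object Name |
    Format-Table Name, Status, Signer, Path -AutoSize
```

The output is a review list rather than a detection: a signed driver from a well-known vendor can still be the vehicle, so the rows should be compared against the software actually expected on that server and, where possible, against a driver block policy (HVCI with Microsoft's vulnerable driver blocklist) that prevents known-abusable signed drivers from loading in the first place.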

The cybersecurity provider spotted the GhostEmperor campaign while looking into several operations targeting Microsoft Exchange servers. Security experts state that the GhostEmperor Advanced Persistent Threat (APT) is a brand new danger, as it doesn’t act like any other known threat.

David Emm, a security expert at Kaspersky, declared:

As detection and protection techniques evolve, so do APT actors. They typically refresh and update their toolsets.

GhostEmperor is a clear example of how cybercriminals look for new techniques to use and new vulnerabilities to exploit. Using a previously unknown, sophisticated rootkit, they brought new problems to the already well-established trend of attacks against Microsoft Exchange servers.

The cybersecurity organization’s report reminds us once again that advanced threat actors will continue to adapt and evolve, change their strategies, invest in their toolsets, and launch new waves of activity.

Author Profile

Antonia Din

PR & Video Content Manager


As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.
