GhostEmperor: From ProxyLogon to kernel mode

Title: GhostEmperor: From ProxyLogon to kernel mode

Published:  Thu, 30 Sep 2021 10:00:49 +0000

Description: While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

Read full article on SECURELIST.COM