Title: GhostEmperor: From ProxyLogon to kernel mode
Published: Thu, 30 Sep 2021 10:00:49 +0000
Description: While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.
Read full article on SECURELIST.COM