GhostEmperor: From ProxyLogon to kernel mode

30 September 2021

Title: GhostEmperor: From ProxyLogon to kernel mode

Published: Thu, 30 Sep 2021 10:00:49 +0000

Description: While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

Read full article on SECURELIST.COM

Date:

30 September 2021

Categorie(s):

SECURELIST

Tag(s):

APT, APT reports, Drivers, Dropper

New Bitsight, Moody’s service seeks to bolster cyber risk management23 April 2024
Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)23 April 2024
Nespresso Domain Hijacked in Phishing Attack Targeting Microsoft Logins23 April 2024
End-to-End Encryption Sparks Concerns Among EU Law Enforcement23 April 2024
GAO: Most Biden cybersecurity EO requirements achieved23 April 2024