GhostEmperor hackers use new Windows 10 rootkit in attacks

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/security/ghostemperor-hackers-use-new-windows-10-rootkit-in-attacks/
Chinese-speaking cyberspies have targeted Southeast Asian governmental entities and telecommunication companies for more than a year, backdooring systems running the latest Windows 10 versions with a newly discovered rootkit.

The hacking group, dubbed GhostEmperor by Kaspersky researchers who spotted it, use the Demodex rootkit, which acts as a backdoor to maintain persistence on compromised servers.
Click to expand...
 
  • Like
Reactions: Gandalf_The_Grey, Nevi, [correlate] and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,114
This malware does not use a typical technique of exploiting vulnerable legal drivers. Instead, it abuses the functionality of a signed driver shipped along with legal Cheat Engine:

It abuses features of a legitimate and open-source2 signed driver named dbk64.sys which is shipped along with Cheat Engine, an application created to bypass video game protections and introduce cheats into them. This driver provides capability to write and execute code in kernel space by design, thus allowing it to run arbitrary code in kernel mode.

securelist.com

GhostEmperor: From ProxyLogon to kernel mode

With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the threat GhostEmperor.
securelist.com securelist.com
Click to expand...
 
  • Like
Reactions: upnorth, silversurfer, Gandalf_The_Grey and 3 others
You must log in or register to reply here.

Similar threads

vtqhtr413
    • Wow
    • +Reputation
    • Like
Security News Chinese 'Earth Krahang' hackers breach 70 orgs in 23 countries
Replies
0
Views
799
Security News
vtqhtr413
vtqhtr413
vtqhtr413
    • Like
    • +Reputation
Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks
Replies
0
Views
859
News Archive
vtqhtr413
vtqhtr413
silversurfer
    • Like
    • +Reputation
Chinese hackers use new custom backdoor to evade detection
Replies
0
Views
591
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top