fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

GhostEmperor Hackers Use New Windows 10 Rootkit In Attacks

GhostEmperor Hackers Use New Windows 10 Rootkit In Attacks

Chinese-speaking cyberspies have targeted Southeast Asian governmental entities and telecommunication companies for more than a year, backdooring systems running the latest Windows 10 versions with a newly discovered rootkit.

The hacking group, dubbed GhostEmperor by Kaspersky researchers who spotted it, use the Demodex rootkit, which acts as a backdoor to maintain persistence on compromised servers.

This rootkit’s primary goal is to hide malware artifacts (including files, registry keys, and network traffic) to evade detection by both forensic investigators and security products.

“To bypass the Windows Driver Signature Enforcement mechanism, GhostEmperor uses a loading scheme involving a component of an open-source project named ‘Cheat Engine’, “Kaspersky said in July when it released the first details regarding this threat actor.

Also Read: Overview of the Personal Data Protection Act – SG

“This advanced toolset is unique and Kaspersky researchers see no similarity to already known threat actors. Kaspersky experts have surmised that the toolset has been in use since at least July 2020.”

GhostEmperor infection chain
GhostEmperor infection chain (Kaspersky)

To breach their victims’ servers, the threat actors exploited known vulnerabilities in Internet-facing server software, including Apache, Window IIS, Oracle, and Microsoft Exchange (the latter hit two days after the ProxyLogon bugs were publicly disclosed).

GhostEmperor also uses a “sophisticated multi-stage malware framework” that allows the attackers with remote control capabilities over breached devices to provide remote control over the attacked servers.

Skilled hacking group with a focus on high-profile targets

GhostEmperor operators showed that they are “accomplished in their craft” and with a significant set of skills highlighted through the use of both sophisticated and uncommon anti-analysis and anti-forensic techniques.

While the vast majority of their attacks were focused on telecom firms and government organizations from South East Asia (e.g., Malaysia, Thailand, Vietnam, Indonesia), the researchers also observed targeting of other geopolitical areas, including countries like Egypt, Ethiopia, and Afghanistan.

Also Read: 5 ways on how to destroy documents securely to prevent data breach

“We observed that the underlying actor managed to remain under the radar for months, all the while demonstrating a finesse when it came to developing the malicious toolkit, a profound understanding of an investigator’s mindset and the ability to counter forensic analysis in various ways,” Kaspersky concluded.

“The attackers conducted the required level of research to make the Demodex rootkit fully functional on Windows 10, allowing it to load through documented features of a third-party signed and benign driver.

“This suggests that rootkits still need to be taken into account as a TTP during investigations and that advanced threat actors, such as the one behind GhostEmperor, are willing to continue making use of them in future campaigns.”

Further technical details regarding GhostEmperor’s tactics and the Demodex rootkit can be found in Kaspersky’s deep dive and report.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us