
A previously unknown Chinese-speaking threat actor has been linked to a long-running, evasive operation against South East Asian targets, dating back to at least July 2020, that deploys a kernel-mode rootkit on compromised Windows systems.

Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a “sophisticated multi-stage malware framework” that provides persistence on, and remote control over, the targeted hosts.

The Russian cybersecurity firm called the rootkit Demodex, with infections reported across several high-profile entities in Malaysia, Thailand, Vietnam, and Indonesia, in addition to outliers located in Egypt, Ethiopia, and Afghanistan.

“[Demodex] is used to hide the user mode malware’s artefacts from investigators and security solutions, while demonstrating an interesting undocumented loading scheme involving the kernel mode component of an open-source project named Cheat Engine to bypass the Windows Driver Signature Enforcement mechanism,” Kaspersky researchers said.

Full story at Securelist (via TheHackerNews)
