A new Chinese-speaking threat actor has been discovered targeting Microsoft Exchange vulnerabilities. Tracked as GhostEmperor, the group aimed its attacks at high-profile victims. It uses a toolset that has no similarity or links to any known threat group.
APT groups are updating their toolsets (for example, WildPressure’s macOS-supported Python malware), and low-tech attacks continue as well, such as CoughingDown, BountyGlad, and the attacks aimed at Codecov.
In recent times, several Chinese APT groups have been discovered targeting government agencies and private organizations across Asia and around the globe. The GhostEmperor threat group illustrates how adversaries find ways to exploit vulnerabilities to reach new victims. The use of previously unknown and advanced rootkits, as in this case, poses a greater danger for enterprise products such as Microsoft Exchange servers.