| SYMBOL | COMMON_NAME | aka. SYNONYMS |
GhostEmperor is a Chinese-speaking threat actor that targets government entities and telecom companies in Southeast Asia. They employ a Windows kernel-mode rootkit called Demodex to gain remote control over their targeted servers. The actor demonstrates a high level of sophistication and uses various anti-forensic and anti-analysis techniques to evade detection. They have been active for a significant period of time and continue to pose a threat to their targets.
There are currently no families associated with this actor.
| 2021-09-30
⋅
Kaspersky
⋅
GhostEmperor: From ProxyLogon to kernel mode GhostEmperor GhostEmperor |