"Beware: GhostSpider Malware Attacks Unveiled!" - The Hacker News

Executive Summary

The Chinese APT group Earth Estries has been linked to sophisticated cyberattacks on telecommunications and other industries across 12+ countries using the new GHOSTSPIDER malware. Leveraging advanced tactics and a range of custom tools, Earth Estries has successfully conducted long-term espionage, highlighting the maturation of China’s cyber operations.
Main Points

  1. Attack Scope:

    • Earth Estries has targeted telecommunications, government networks, and industries like technology, consulting, chemical, and transportation.
    • Victims span 12+ countries, including the U.S., India, Indonesia, Malaysia, and South Africa, with over 20 entities compromised and 150 notified victims in the U.S. alone.
  2. Malware and Tools:

    • Key tools include GHOSTSPIDER, Demodex rootkit, and Deed RAT (successor to ShadowPad).
    • Additional malware families used include Crowdoor, SparrowDoor, HemiGate, TrillClient, and Zingdoor.
    • GHOSTSPIDER communicates over a custom protocol wrapped in TLS, and its modular design lets the operators update or swap functionality after deployment.
  3. Exploitation Methods:

    • Earth Estries exploits known security flaws (N-day vulnerabilities) in systems like Ivanti Connect Secure, Fortinet FortiClient EMS, Sophos Firewall, and Microsoft Exchange (e.g., ProxyLogon).
    • These flaws allow initial access, paving the way for deploying custom malware for espionage.
  4. Operational Sophistication:

    • The group demonstrates a high level of organization, with specialized teams for different regions, industries, and infrastructure management.
    • Attacks extend from edge devices to cloud environments, using stealth techniques to evade detection.
  5. Broader Context:

    • Earth Estries is associated with other APT clusters like FamousSparrow, GhostEmperor, and UNC2286.
    • This reflects a shift in China’s cyber strategy from isolated attacks to bulk data collection and long-term targeting of Managed Service Providers (MSPs) and Internet Service Providers (ISPs).
  6. Key Takeaway:

    • The campaign underlines the evolving threat posed by Chinese cyber actors and the critical need for organizations to address known vulnerabilities, enhance monitoring, and adopt robust cybersecurity practices.

Original Link: Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

12ft.io Link: https://12ft.io/https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html
Archive.org Link: https://web.archive.org/web/https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html
