Uptime Hamster: 15d 3h 51mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza GhostRedirector

GhostRedirector

0 incidentes 0 paises 0 sectores apt CN Ultimo: -
Ver en IntelTracker → APTTrail →
GhostRedirector is a China-aligned threat cluster first documented around August 2024, primarily motivated by financial gain through SEO fraud as-a-service, specifically promoting various gambling websites. This group distinguishes itself by compromising Windows servers to deploy a malicious Internet Information Services module, Gamshen, which manipulates search engine results. Its activities include using a custom C++ backdoor, Rungan, for remote access. The group is assessed with medium confidence to originate from China, based on hardcoded Chinese strings, code-signing certificates from Chinese companies, and a specific Chinese word used in created user passwords. While some geographic and sector overlaps exist with other groups like DragonRank, no direct connection has been established.
Tipo
apt
Pais origen
CN
Motivacion
-
Impacto
21
Actualizado
Fri, 30 Ja