GhostRedirector
0 incidentes
0 paises
0 sectores
apt CN Ultimo: -
GhostRedirector is a China-aligned threat cluster first documented around August 2024, primarily motivated by financial gain through SEO fraud as-a-service, specifically promoting various gambling websites. This group distinguishes itself by compromising Windows servers to deploy a malicious Internet Information Services module, Gamshen, which manipulates search engine results. Its activities include using a custom C++ backdoor, Rungan, for remote access. The group is assessed with medium confidence to originate from China, based on hardcoded Chinese strings, code-signing certificates from Chinese companies, and a specific Chinese word used in created user passwords. While some geographic and sector overlaps exist with other groups like DragonRank, no direct connection has been established.