Chinese espionage group uses rootkit compatible with Windows 10

by Manasi Varma
October 1, 2021
in Gadgets, News, Tech

Analysts at the security firm Kaspersky Lab have identified a new Chinese espionage group that uses a rootkit compatible with Windows 10 systems to target high-profile entities in the South East Asian region, and that has been active since at least July 2020.

Image Credits: Redmond Mag

Sophisticated Tools to Attack

Kaspersky has said that the new group, which calls itself GhostEmperor, focuses on “gaining and keeping” long-term access to its victims’ data, mainly by using sophisticated tools. Researchers have revealed that the threat actor managed “to stay under the radar for months,” possibly thanks to a rootkit that works even on Windows 10.

GhostEmperor gains initial entry through public-facing servers, most notably Oracle, Apache, and Microsoft Exchange servers. The group uses them to breach the victim’s perimeter network and then pivots to the more sensitive systems inside it.

The findings were first presented at the recent SAS 2021 security conference. According to them, the threat actors establish backdoors into victims’ networks using a number of different tools and scripts. The backdoor allows them to download and run Cheat Engine, a tool frequently used by gamers to introduce cheats into video games.

The tool’s drivers help bypass the Windows PatchGuard security mechanism, opening the way to install the rootkit into the victim’s Windows operating system. The rootkit, named “Demodex,” is described by the team as highly advanced, allowing the group to retain access to the victim’s system even across OS reinstalls.

Anti-forensic Malware

That was not the only trick GhostEmperor had up its sleeve. Kaspersky has noted that the group’s malware came equipped with a number of “unusual and sophisticated” tools with anti-forensic and anti-analysis properties, which the researchers believe made the rootkit difficult to analyse.

Moreover, the group also repackaged data into fake multimedia formats to disguise the communications between infected hosts and their command and control servers. For example, a security product that inspected the traffic would only find what appeared to be JPEG, RIFF, or PNG files hosted on an Amazon server.
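One way a defender can act on this observation is to test whether a file or transfer that claims a media type actually has that format’s structure, not just its leading magic bytes. The Python check below is an added example, not Kaspersky’s tooling or anything taken from the report; its sample payloads are constructed for illustration.

```python
import struct
import zlib

# Checks go past the magic bytes: a payload that only *starts* like an
# image/RIFF file but fails the format's own structure gets flagged.
def looks_like_png(data: bytes) -> bool:
    """8-byte signature, then a 13-byte IHDR chunk whose CRC verifies."""
    if not data.startswith(b"\x89PNG\r\n\x1a\n") or len(data) < 33:
        return False
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        return False
    return zlib.crc32(data[12:29]) & 0xFFFFFFFF == struct.unpack(">I", data[29:33])[0]

def looks_like_jpeg(data: bytes) -> bool:
    """SOI marker, then a chain of well-formed segments up to SOS."""
    if not data.startswith(b"\xff\xd8\xff"):
        return False
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        if data[pos + 1] == 0xDA:          # SOS: entropy-coded scan follows
            return True
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if seg_len < 2:                    # length field includes itself
            return False
        pos += 2 + seg_len
    return False

def looks_like_riff(data: bytes) -> bool:
    """'RIFF', little-endian size matching the file, printable form type."""
    if len(data) < 12 or data[:4] != b"RIFF":
        return False
    size = struct.unpack("<I", data[4:8])[0]
    return size == len(data) - 8 and all(32 <= b < 127 for b in data[8:12])

CHECKS = {"png": looks_like_png, "jpeg": looks_like_jpeg, "riff": looks_like_riff}

def flag_masquerade(claimed_type: str, data: bytes) -> bool:
    """True when the payload does not structurally match the claimed type."""
    check = CHECKS.get(claimed_type.lower())
    return check is None or not check(data)

# Constructed samples: a valid minimal PNG and a blob hiding behind PNG magic.
REAL_PNG = b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR" \
    + struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
REAL_PNG += struct.pack(">I", zlib.crc32(REAL_PNG[12:]) & 0xFFFFFFFF)
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"ENCRYPTED-C2-BLOB-0123456789abcdef"
```

A real detection pipeline would apply the same idea to the declared Content-Type or file extension of each object retrieved from an external host and alert on the mismatch.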

Without naming specific victims, Kaspersky said the group mainly attacked government entities and telecom firms across South East Asia.

Source: The Cord