According to the Global Research and Analysis Team (GReAT), the GhostContainer malware was installed in systems using Microsoft Exchange, as part of a long-term, advanced persistent threat (APT) campaign targeting key organizations in the Asia region, including major technology companies.
GhostContainer, hidden in a file named App_Web_Container_1.dll, is actually a multi-purpose backdoor. It is capable of extending its functionality by loading additional remote modules and is based on a variety of open source tools. The malware disguises itself as a legitimate component of the host system, using sophisticated evasion techniques to bypass security software and monitoring systems.
Once inside a system, GhostContainer allows attackers to take control of the Exchange server. It can act as a proxy or an encrypted tunnel, allowing deeper penetration into the internal network or the theft of sensitive data without being detected. These actions have led experts to suspect that the campaign is serving cyber espionage purposes.
Sergey Lozhkin, Head of Kaspersky’s GReAT Asia-Pacific and Middle East-Africa, said that the group behind GhostContainer is very knowledgeable about Exchange and IIS server environments. They use open source code to develop sophisticated attack tools while avoiding obvious traces, making it very difficult to trace the source.
It is not yet possible to determine which group is behind this campaign, as the malware uses code from many open source projects – which means it is likely to be widely exploited by many different cybercriminal groups around the world. Notably, according to statistics, by the end of 2024, approximately 14,000 malware packages were detected in open source projects, up 48% compared to the end of 2023 – showing that the security risks from open source are becoming increasingly serious.
To reduce the risk of falling victim to targeted cyberattacks, businesses should equip their security operations teams with access to up-to-date threat intelligence resources, according to Kaspersky.
Upskilling cybersecurity teams is essential to increase their ability to detect and respond to sophisticated attacks. Businesses should also deploy endpoint detection and response (EDR) solutions, combined with network-level monitoring and protection tools.
Additionally, since many attacks start with phishing emails or other forms of psychological deception, organizations need to provide regular security awareness training to employees. Investing in technology, people, and processes across the board is key to helping businesses strengthen their defenses against increasingly sophisticated threats.
Source: https://nld.com.vn/ma-doc-an-minh-trong-microsoft-exchange-phat-hien-gian-diep-mang-tinh-vi-196250724165422125.htm