Vietnam.vn - Platform for promoting Vietnam

Malware Hidden in Microsoft Exchange: Sophisticated Cyber Espionage Discovered

(NLDO) - Kaspersky's Global Research and Analysis Team has just discovered GhostContainer - a new, sophisticated, never-before-seen backdoor malware.

Người Lao Động, 24/07/2025

According to the Global Research and Analysis Team (GReAT), the GhostContainer malware was installed in systems using Microsoft Exchange, as part of a long-term, advanced persistent threat (APT) campaign targeting key organizations in the Asia region, including major technology companies.


GhostContainer, hidden in a file named App_Web_Container_1.dll, is actually a multi-purpose backdoor. It is capable of extending its functionality by loading additional remote modules and is based on a variety of open source tools. The malware disguises itself as a legitimate component of the host system, using sophisticated evasion techniques to bypass security software and monitoring systems.

Once in the system, GhostContainer allows attackers to take control of Exchange servers. It can act as a proxy or an encrypted tunnel, allowing them to penetrate deeper into the internal network or steal sensitive data without being detected. These actions have led experts to suspect that the campaign is serving cyber espionage purposes.

Sergey Lozhkin, Head of Kaspersky’s GReAT Asia Pacific and Middle East Africa team, said that the group behind GhostContainer is very knowledgeable about the Exchange and IIS server environments. They use open source code to develop sophisticated attack tools while avoiding obvious traces, making it very difficult to trace the origin.

It is currently unclear which group is behind this campaign, as the malware uses code from multiple open source projects – meaning it is likely to be widely used by various cybercriminal groups around the world. Notably, according to statistics, by the end of 2024, approximately 14,000 malware packages were detected in open source projects, an increase of 48% compared to the end of 2023 – showing that security risks from open source are becoming increasingly serious.

To reduce the risk of falling victim to targeted cyberattacks, businesses should equip their security operations teams with access to up-to-date threat intelligence sources, according to Kaspersky.

Upskilling cybersecurity teams is essential to increase their ability to detect and respond to sophisticated attacks. Businesses should also deploy endpoint detection and response (EDR) solutions, combined with network-level monitoring and protection tools.

Additionally, since many attacks start with phishing emails or other forms of social engineering, organizations need to regularly provide security awareness training to employees. A coordinated investment in technology, people, and processes is key to helping businesses strengthen their defenses against increasingly complex threats.


Source: https://nld.com.vn/ma-doc-an-minh-trong-microsoft-exchange-phat-hien-gian-diep-mang-tinh-vi-196250724165422125.htm

