Kaspersky documented a new Chinese-speaking threat actor—GhostEmperor—targeting Microsoft Exchange flaws in high-profile attacks in Southeast Asia. The group evades the Windows Driver Signature Enforcement by using an undocumented loading scheme. Organizations are suggested to implement multi-layered security architecture of reliable anti-malware, firewalls, Host-based Intrusion Detection Systems, and Intrusion Prevention Systems.

By admin