New Chinese-speaking cyberespionage group targets high-profile victims in Southeast Asia

Security researchers at Kaspersky discovered a previously undocumented cyberespionage campaign that uses vulnerabilities in Microsoft Exchange email software in attacks targeting high-profile victims in Southeast Asia, including government entities and telecom companies.

Dubbed GhostEmperor, the Chinese-speaking threat actor has been observed using a never-before-seen Windows kernel-mode rootkit that provides remote access to target servers.

GhostEmperor leverages a loading scheme involving a component of an open-source project named “Cheat Engine,” which allows them to bypass the Windows Driver Signature Enforcement mechanism. This advanced toolset, which has been in use since at least July 200, is unique, Kaspersky says, and bears no similarity to already known threat actors.

“As detection and protection techniques evolve, so do APT actors,” said David Emm, security expert at Kaspersky. “They typically refresh and update their toolsets. GhostEmperor is a clear example of how cybercriminals look for new techniques to use and new vulnerabilities to exploit. Using a previously unknown, sophisticated rootkit, they brought new problems to the already well-established trend of attacks against Microsoft Exchange servers.”

