Rewterz Threat Advisory –Multiple McAfee Policy Auditor Security Vulnerabilities
August 2, 2021Rewterz Threat Alert –Vidar Malware – Active IOCs
August 2, 2021Rewterz Threat Advisory –Multiple McAfee Policy Auditor Security Vulnerabilities
August 2, 2021Rewterz Threat Alert –Vidar Malware – Active IOCs
August 2, 2021Severity
High
Analysis Summary
GhostEmperor is a Chinese-speaking threat actor. It mostly focuses on targets in Southeast Asia, including several governmental entities and telecoms companies. It uses a formerly unknown Windows kernel-mode rootkit. Rootkits provide remote control access over the servers they target. Acting covertly, rootkits are notorious for hiding from investigators and security solutions. To bypass the Windows Driver Signature Enforcement mechanism, GhostEmperor uses a loading scheme involving the component of an open-source project named “Cheat Engine”. This advanced toolset is unique and Kaspersky researchers see no affinity to already known threat actors.
Impact
- Security Bypass
Remediation
- For endpoint-level detection, investigation, and timely remediation of incidents, implement EDR solutions.
- Search for IOCs in your environment.