Date: 2025-09-05

Threat Intelligence

Windows servers besieged by suspected Chinese hackers


At least 65 Windows servers worldwide, particularly in Brazil, Thailand, and Vietnam, have been compromised by the newly discovered Chinese-linked GhostRedirector threat cluster in attacks involving the Rungan backdoor and the Gamshen Internet Information Services (IIS) module, reports The Hacker News. The intrusions, which have primarily targeted organizations in the healthcare, education, technology, insurance, transportation, and retail industries, commenced with the abuse of a potential SQL injection bug, followed by PowerShell usage to launch Rungan, which could execute commands, and Gamshen, which facilitates search engine optimization fraud, according to an analysis from ESET. GhostRedirector, whose source code has hard-coded Chinese strings and a Chinese firm-issued code-signing certificate, also deployed other tools enabling remote connections, privileged user creation, website data gathering, and web shell injections. "GhostRedirector also demonstrates persistence and operational resilience by deploying multiple remote access tools on the compromised server, on top of creating rogue user accounts, all to maintain long-term access to the compromised infrastructure," said ESET researchers.
