‘SEO fraud-as-a-service’ scheme hijacks Windows servers to promote gambling websites

A China-based hacker group named GhostRedirector has compromised over 65 Windows servers worldwide, primarily using SEO fraud techniques to promote gambling sites. The campaign involved deploying new backdoors, Rungan and Gamshen, to manipulate search rankings and maintain persistent access. #GhostRedirector #Gamshen

Key points

  • The hacker group targeted servers across various countries including Brazil, Peru, Thailand, Vietnam, and the United States.
  • They used two new backdoors, Rungan for remote command execution and Gamshen for SEO manipulation.
  • Gamshen is embedded in Microsoft IIS servers and is designed to boost gambling websites’ search engine rankings.
  • The campaign appears to be opportunistic, exploiting vulnerable servers rather than targeting specific organizations.
  • Researchers believe the operation is linked to China, with possible connections to other Chinese cyber campaigns like DragonRank.

Read More: https://therecord.media/seo-scheme-windows-malware-gambling-sites-ghostredirector