Summary: A new threat intelligence report reveals that financially motivated Chinese cybercriminals, known as Ghost, are targeting organizations globally, particularly in North America and the U.K., with ransomware attacks. These attackers exploit unpatched vulnerabilities to gain access, install backdoors, exfiltrate sensitive data, and deploy ransomware. The FBI and Cybersecurity and Infrastructure Security Agency have issued warnings regarding the persistent danger posed by Ghost hackers across more than 70 countries.
Affected: Government offices, energy sector, factories, financial services, hospitals
Keypoints :
- Ghost operates using various aliases and is driven by profit rather than espionage.
- Attacks begin with exploiting public-facing systems to gain initial access and install backdoors.
- Mitigation strategies include regular data backups, keeping systems updated, and employing multi-factor authentication.