Suspected Chinese threat actors have weaponized the open-source tool Nezha to deliver Gh0st RAT malware, targeting over 100 systems worldwide. The attack involved log poisoning to plant web shells and exploited vulnerable phpMyAdmin panels, demonstrating the abuse of publicly available tools in sophisticated cyber operations.
Key points
- Threat actors used log poisoning to install web shells on targeted servers.
- The attackers exploited vulnerable phpMyAdmin panels for initial access.
- Nezha was deployed to facilitate remote control over infected hosts.
- Over 100 victim machines were identified across multiple countries.
- The malware deployment involved PowerShell scripts and Microsoft Defender exclusions.
Read More: https://thehackernews.com/2025/10/chinese-hackers-weaponize-open-source.html