U.S. Agencies Warn of Ghost Ransomware Actor

China-linked ransomware actor hitting multiple verticals.

An advisory has been issued by the FBI and CISA warning about the continued exploitation of known flaws by the China-linked Ghost ransomware group.

In the statement, the agencies said the attacks began in 2021, when Ghost actors started targeting victims whose internet-facing services ran outdated versions of software and firmware. “This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organisations in China,” where the actors are mostly based.

Financial Gain

The agencies said Ghost conducts these widespread attacks for financial gain. The actors use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) and gain access to internet-facing servers.

Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.

Juliette Hudson, CTO of CybaVerse, called Ghost a “dangerous nation-state threat actor which organisations must take efforts to protect against.” 

“The group is actively exploiting known CVEs in ubiquitous tech, highlighting the need for organisations to prioritise patching and remediation efforts,” she said. “While many ransomware groups primarily use social engineering tactics to compromise targets, this joint advisory from CISA and the FBI highlights the growing trend in threat actors exploiting vulnerabilities for initial access into systems.

“This reinforces the importance of applying security patches as soon as they are disclosed, as research repeatedly shows that the time between the discovery of a vulnerability and its exploitation is tightening.”

Dan Raywood, Senior Editor, SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
