GhostRedirector: A New China-Aligned Threat Targeting Windows Servers for SEO Fraud

September 4, 2025 at 05:58 PM

•

1 min read

GhostRedirector: A New China-Aligned Threat Targeting Windows Servers for SEO Fraud — Photo: The Hacker News

TL;DR Summary

Cybersecurity researchers uncovered GhostRedirector, a threat group targeting at least 65 Windows servers mainly in Brazil, Thailand, and Vietnam, using a passive backdoor called Rungan and an IIS module named Gamshen to conduct SEO fraud and maintain long-term access, with suspected links to China.

Topics:technology #cybersecurity #gamshen-iis-module #ghostredirector #rungan-backdoor #seo-fraud #windows-servers

Share this article

GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module The Hacker News
GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes WeLiveSecurity
New China-aligned crew poisons Windows servers for SEO fraud theregister.com
New threat group uses custom tools to hijack search results Help Net Security
GhostRedirector Emerges as New China-Aligned Threat Actor Infosecurity Magazine

Reading Insights

Total Reads

Unique Readers

Time Saved

4 min

vs 5 min read

Condensed

95%

825 → 44 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights