GhostRedirector: A New China-Aligned Threat Targeting Windows Servers

TL;DR Summary
ESET researchers uncovered GhostRedirector, a China-aligned threat actor that compromised at least 65 Windows servers, mainly in Brazil, Thailand, and Vietnam. The group uses custom tools, including the passive backdoor Rungan and the malicious IIS module Gamshen, to facilitate SEO fraud and maintain persistent access. Its activity dates back to at least August 2024.
- GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes (WeLiveSecurity)
- GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module (The Hacker News)
- New China-aligned crew poisons Windows servers for SEO fraud (theregister.com)
- New threat group uses custom tools to hijack search results (Help Net Security)
- GhostRedirector Emerges as New China-Aligned Threat Actor (Infosecurity Magazine)