GhostRedirector: A New China-Aligned Threat Targeting Windows Servers for SEO Fraud
Cybersecurity researchers uncovered GhostRedirector, a threat group targeting at least 65 Windows servers mainly in Brazil, Thailand, and Vietnam, using a passive backdoor called Rungan and an IIS module named Gamshen to conduct SEO fraud and maintain long-term access, with suspected links to China.