GhostRedirector
-
WordPress redirect plugin hid dormant backdoor for years
A WordPress redirect plugin installed on more than 70,000 sites hid a dormant backdoor for years, according to a technical analysis by Anchor. The issue involved a hidden update path and a tampered build from an external server.
-
GhostRedirector threat cluster compromises 65 Windows servers, deploys Rungan backdoor and Gamshen IIS module for SEO fraud
A fresh threat cluster named GhostRedirector has compromised at least 65 Windows servers, deploying a passive backdoor called Rungan and an IIS module named Gamshen to conduct SEO fraud, according to ESET researchers. The campaign shows SQL injection-based initial access, PowerShell-based tool delivery, and persistence through multiple remote-access tools, with a China-aligned attribution considered plausible…
