Ghost

Malware Profile Updated 15 days ago
Ghost is malicious software (malware) that infiltrates computer systems, often without the user's knowledge. It can cause significant damage by stealing personal information, disrupting operations, or holding data hostage for ransom. Ghost first came to prominence in 2020 as part of the larger bilateral CDU/MDANG Ex Cyber Ghost planning. The malware has also been linked to certain DNS threats such as Phoenix Domain and Ghost Domain Names, which were the subjects of papers presented at the NDSS Symposium in 2023. In the cybercrime landscape, the Akira ransomware collective and associated "ghost groups" like Zeon have partly filled the vacuum created by the troubles of other groups. These "ghost groups," according to cybersecurity firm RedSense, are highly skilled teams that work quietly on behalf of ransomware operators like LockBit, bolstering their image and generating revenue. They comprise experienced pentesters from Zeon who specialize in big-game hunting and scare victims into thinking their systems have been infected by ransomware, tricking them into installing it. The Justice Department has taken action against individuals associated with these activities. For instance, Echefu and Kosi Goodness Simon-Ebo, who was sentenced to 18 months' imprisonment after entering a guilty plea in September, along with James Junior Aliyu, also known as "Old Soldier" and "Ghost", targeted organizations and individuals with fraudulent emails. These emails contained money wiring instructions that redirected payments to attacker-controlled accounts. Aliyu remains in South African custody, highlighting the global nature of these cyber threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Ghostsec | 3 | GhostSec is a pro-Palestinian hacktivist group known for its malicious software (malware) attacks. The group has been responsible for various cyberattacks on critical infrastructure, notably in Israel, as reported by Hackread.com. GhostSec has also claimed responsibility for ransomware attacks on op
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance:
Ransomware, Malware, Fraud, Exploit, Vulnerability, Ransom, RAT
Associated Malware
ID | Type | Votes | Profile Description
Lockbit | is related to | 3 | LockBit is a malicious software, or malware, that has been significantly active in recent years. It is designed to infiltrate systems and cause significant damage by stealing sensitive information, disrupting operations, and holding data hostage for ransom. In 2023, security firm Rapid7 named LockBi
Ghostlocker | Unspecified | 3 | GhostLocker is a harmful malware developed by the cybercrime gang GhostSec, which has seen a significant surge in its hacking activities over the past year. The group has recently introduced an updated version of this malicious software, known as GhostLocker 2.0 ransomware, a Golang variant of the o
Akira | is related to | 2 | Akira is a compact C++ ransomware that has wreaked havoc across various sectors, impacting over 60 organizations globally. It is compatible with both Windows and Linux systems and is known for its minimalistic JQuery Terminal-based hidden service used for victim communication. The malware enters you
Conti | Unspecified | 2 | Conti is a malware program known for its disruptive capabilities, including stealing personal information and holding data hostage for ransom. It gained notoriety as part of the arsenal of ITG23, a cybercrime group that used it in conjunction with other malicious software like Trickbot, BazarLoader,
Associated Threat Actors
ID | Type | Votes | Profile Description
Alphv | Unspecified | 2 | AlphV, also known as BlackCat, is a significant threat actor within the cybercrime landscape. Throughout 2023, AlphV has been responsible for numerous high-profile ransomware attacks, stealing significant amounts of data from various organizations. The group claimed responsibility for hacking Clario
Zeon | is related to | 2 | Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B
Space Kook | is related to | 2 | Space Kook is a threat actor, or malicious entity, identified in the cybersecurity industry for its involvement in ransomware operations. Named after a villain from Scooby Doo, Space Kook was first linked to malicious activities by Halcyon's analysis, which showed connections to an initial access br
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Lockbit's Ghost | Unspecified | 2 | None
Source Document References
Information about the Ghost malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 7 months ago | Ghost Accounts, Entitlement Creep and Unwanted Guests
CERT-EU | 9 months ago | Unmasking Shadows The Latest Cybercrime Revelation
CERT-EU | a year ago | Ghost Robotics CEO: Robot dogs could save lives at US borders
CERT-EU | 4 months ago | Report Finds 45% of Advertised Cybersecurity Positions Are Deceptive | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 7 months ago | Beware of Data Security Monsters Lurking in the Shadows this Halloween - Cybersecurity Insiders
CERT-EU | 9 months ago | A possible future mission for the US's secretive Phoenix Ghost and Switchblade drones? Hunting Russian nukes
CERT-EU | 4 months ago | The 23 best '90s movies on Max for a totally rad night in
CERT-EU | 3 months ago | Pennsylvania Fact-Checking, Syria, Florida Legislation, More: Sunday Afternoon ResearchBuzz, March 3, 2024
CERT-EU | 7 months ago | Finding You: The Network Effect of Telecommunications Vulnerabilities for Location Disclosure - The Citizen Lab
CERT-EU | 8 months ago | Ten Cerebral Anime Like Deathnote
CERT-EU | 10 months ago | Twenty Million Scam Emails Reported In Britain
CERT-EU | 3 months ago | Microsoft engineer who raised concerns about Copilot image creator pens letter to the FTC
CERT-EU | 6 months ago | The lessons Australia's CEOs are failing to learn
CERT-EU | 10 months ago | Links 15/07/2023: LabPlot 2.10.1 and Akademy 2023
Securityaffairs | a year ago | Prilex PoS Malware evolves to target NFC-enabled credit cards
CERT-EU | 3 months ago | Operation Cronos: Who Are the LockBit Admins
Unit42 | 15 days ago | Leveraging DNS Tunneling for Tracking and Scanning
CERT-EU | 3 months ago | [Guest Diary] Friend, foe or something in between? The grey area of 'security research' - SANS Internet Storm Center
CERT-EU | 9 months ago | 10 Best Hackers In Anime, Ranked | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
Securelist | a year ago | New versions of Prilex PoS malware blocking NFC transactions