Ghost

Malware updated 15 hours ago (2024-10-17T13:04:31.620Z)
"Ghost" refers to a sophisticated malware network that was discovered and dismantled in 2020 following a two-year investigation led by Europol and law enforcement agencies worldwide. The network, also known as the Stargazers Ghost Network, operated through GitHub accounts, distributing malware or malicious links via phishing repositories. This discovery was part of a larger bilateral CDU/MDANG Ex Cyber Ghost operation. The Ghost network was not only a threat to individual users but also facilitated illegal activities such as drug trafficking and money laundering.

The mastermind behind Ghost is believed to be a 32-year-old man from Sydney, who was arrested by the Australian Federal Police; cryptocurrency worth AU$9.3 million (equivalent to US$6.4 million) linked to him was seized. The Ghost encrypted messaging service was used extensively by organized crime groups for communication, making its takedown a significant victory against cybercrime. The operation was part of a broader effort by authorities worldwide to combat illicit online activities; other events included a cyberattack against the car rental company Avis, an attack by Ukrainian hackers against the Russian authority Osnovanie, and regulatory actions against technology companies such as Nvidia.

Despite the successful operation against Ghost, the cybersecurity landscape remains fraught with challenges. Other malware networks continue to operate, exploiting vulnerabilities in systems and software. Users are advised to adopt preventive measures, such as enabling "ghost mode" on platforms like Snapchat to protect their location data, and to be cautious of suspicious downloads, emails, and websites. Moreover, incidents like the multi-year spear-phishing campaign led by a Chinese national underscore the global nature of these threats and the need for international cooperation and vigilance in combating cybercrime.
Description last updated: 2024-10-17T12:08:02.081Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Ghostsec (votes: 3): Ghostsec is a possible alias for Ghost. GhostSec is a malicious software (malware) that has been identified as a significant threat to computer systems and data security. This malware, designed to exploit and damage computer systems, infiltrates user devices through suspicious downloads, emails, or websites without the user's knowledge. O

Stargazer Goblin (votes: 2): Stargazer Goblin is a possible alias for Ghost. Stargazer Goblin is a sophisticated malware entity that has been operating since August 2022. It has leveraged GitHub, a platform typically considered legitimate, to distribute various malware families, including Atlantida Stealer, Rhadamanthys infostealer, RisePro, Redline, and Lumma Stealer. This

Stargazers Ghost Network (votes: 2): Stargazers Ghost Network is a possible alias for Ghost. The Stargazers Ghost Network, a threat actor group discovered by Check Point Research (CPR), has been identified as a significant cybersecurity concern. This group operates and maintains a network of GitHub accounts that are used to distribute malware and malicious links through phishing repositorie
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Ransomware
Phishing
Exploit
Github
Facebook
Australian
Europol
Police
Ransom
Vulnerability
Rat
Fraud
Associated Malware
Lockbit (association type: is related to; votes: 3): The Lockbit Malware is associated with Ghost. LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operati

Ghostlocker (association type: Unspecified; votes: 3): The Ghostlocker Malware is associated with Ghost. GhostLocker is a harmful malware developed by the cybercrime gang GhostSec, which has seen a significant surge in its hacking activities over the past year. The group has recently introduced an updated version of this malicious software, known as GhostLocker 2.0 ransomware, a Golang variant of the o

Rhadamanthys (association type: Unspecified; votes: 2): The Rhadamanthys Malware is associated with Ghost. Rhadamanthys is a sophisticated malware that has been used by the threat actor TA547 to target German organizations. This malicious software, designed to exploit and damage computer systems, infiltrates devices through suspicious downloads, emails, or websites, often unbeknownst to the user. Once em

Conti (association type: Unspecified; votes: 2): The Conti Malware is associated with Ghost. Conti is a notorious type of malware, specifically ransomware, that infiltrates computer systems to steal data and disrupt operations. The malicious software often spreads through suspicious downloads, emails, or websites, and once inside, it can hold data hostage for ransom. The Conti ransomware op

Akira (association type: is related to; votes: 2): The Akira Malware is associated with Ghost. Akira is a notorious malware, specifically a ransomware, that has been active since April 2023. It utilizes dual extortion tactics to compromise various industries, as outlined in a technical analysis shared by cybersecurity researchers. The ransomware's modus operandi includes stealing sensitive da
Associated Threat Actors
Alphv (association type: Unspecified; votes: 2): The Alphv Threat Actor is associated with Ghost. AlphV, also known as BlackCat, is a notorious threat actor that has been active since November 2021. This group pioneered the public leaks business model and has been associated with various ransomware families, including Akira, LockBit, Play, and Basta. AlphV gained significant attention for its la

Zeon (association type: is related to; votes: 2): The Zeon Threat Actor is associated with Ghost. Zeon, a known threat actor in the cybersecurity landscape, has been linked to several high-profile ransomware attacks. It was instrumental in crypting SVCReady and CargoBay loaders, observed in Quantum and Royal ransomware attacks respectively. Zeon has also employed third-party ransomware such as B

Space Kook (association type: is related to; votes: 2): The Space Kook Threat Actor is associated with Ghost. Space Kook is a threat actor, or malicious entity, identified in the cybersecurity industry for its involvement in ransomware operations. Named after a villain from Scooby Doo, Space Kook was first linked to malicious activities by Halcyon's analysis, which showed connections to an initial access br
Associated Vulnerabilities
Lockbit's Ghost (association type: Unspecified; votes: 2): The vulnerability Lockbit's Ghost is associated with Ghost.
Source Document References
Information about the Ghost Malware was read from the documents corpus below. This display is limited to 20 results.

Source (created):
BankInfoSecurity (7 days ago)
RIA - Information System Authority (8 days ago)
Securityaffairs (18 days ago)
ESET (22 days ago)
Securityaffairs (a month ago)
BankInfoSecurity (a month ago)
Securityaffairs (a month ago)
BankInfoSecurity (a month ago)
InfoSecurity-magazine (a month ago)
Fortinet (2 months ago)
DARKReading (3 months ago)
Checkpoint (3 months ago)
Securelist (3 months ago)
Unit42 (5 months ago)
CERT-EU (7 months ago)
CERT-EU (7 months ago)
CERT-EU (7 months ago)
CERT-EU (7 months ago)
BankInfoSecurity (7 months ago)
CERT-EU (7 months ago)