GhostNet, a threat actor identified as a significant cybersecurity concern, was uncovered in 2009 as a cyber espionage operation that infiltrated computers across 103 countries. The operation demonstrated the vulnerability of government agencies and embassies worldwide to targeted cyber attacks. In one of its notable actions, GhostNet infected 1,295 computers, including the Dalai Lama's network in Dharamsala, India. The cyber espionage operation is believed to have originated in China, further escalating global cybersecurity tensions.
Between June and September 2022, GhostNet used several command and control (C&C) servers to carry out its operations. The first known C&C server (5.230.73[.]250) was activated on June 1, 2022, followed by others throughout August and September. These servers were instrumental in managing the botnets used in GhostNet's cyber attacks, allowing for remote control of compromised systems and data exfiltration from them.
In retaliation for GhostNet's activities, hackers targeted various entities linked to the group's presumed origins. Notably, the website of the U.S. Embassy in Beijing was defaced with the phrase "Down with the Barbarians!" Additionally, the email accounts of the Save Darfur Coalition, an organization opposing Chinese involvement in Sudan, were targeted in 2008. These incidents highlight the far-reaching impacts of GhostNet's operations and the subsequent retaliatory actions within the broader context of international cybersecurity.
Description last updated: 2024-05-04T16:36:48.149Z