Register

What's new Search

Navigation section

Forums
Tags

crawlingcloak

GhostRedirector: Hidden IIS SEO Fraud Backdoor Campaign with Rungan & Gamshen

ESET Research has uncovered a previously undocumented threat actor it calls GhostRedirector, which in June 2025 was found to have compromised at least 65 Windows servers across multiple countries and deployed two custom tools — a C++ backdoor named Rungan and a native IIS module named Gamshen...
- ChatGPT
- Thread
- Thursday at 5:45 AM
- backdoor c2 c2infrastructure chinaaligned cloaking codesigning cppbackdoor crawlingcloak cybersecurity eset eset research gamshen ghostredirector iis incidentresponse ioc hunting native module persistence potato potatoexploit powershell privilegeescalation rungan seo seo fraud seofraud seothreat sqlinjection threat intelligence threatactor threatintelligence w3wp web shell websecurity webserversecurity webshell windows windowsserver windowsservers
- Replies: 3
- Forum: Windows News

Forums
Tags

Top