GhostEmperor is a threat actor attributed to CN, also known as RedMike, FamousSparrow, OPERATOR PANDA. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does GhostEmperor exploit?

Specific CVE exploitation data for GhostEmperor is being tracked. Check the Strobes VI threat actor profile for updates.

GhostEmperor

Also known as: RedMike, FamousSparrow, OPERATOR PANDA, UNC2286, Salt Typhoon

Exploited CVEs

Overview

GhostEmperor is a Chinese-speaking threat actor that targets government entities and telecom companies in Southeast Asia. They employ a Windows kernel-mode rootkit called Demodex to gain remote control over their targeted servers. The actor demonstrates a high level of sophistication and uses various anti-forensic and anti-analysis techniques to evade detection. They have been active for a significant period of time and continue to pose a threat to their targets.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database

Quick Actions