GhostEmperor is a threat actor attributed to CN, also known as UNC2286, FamousSparrow, RedMike. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does GhostEmperor exploit?

Specific CVE exploitation data for GhostEmperor is being tracked. Check the Strobes VI threat actor profile for updates.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

GhostEmperor

Also known as: UNC2286, FamousSparrow, RedMike, Salt Typhoon, OPERATOR PANDA

Exploited CVEs

Overview

GhostEmperor is a Chinese-speaking threat actor that targets government entities and telecom companies in Southeast Asia. They employ a Windows kernel-mode rootkit called Demodex to gain remote control over their targeted servers. The actor demonstrates a high level of sophistication and uses various anti-forensic and anti-analysis techniques to evade detection. They have been active for a significant period of time and continue to pose a threat to their targets.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database