Pro Chinese cybercrime group manipulates SEO to boost gambling websites

ESET researchers have uncovered a professional Chinese cybercrime group that’s manipulating SEO to boost traffic to gambling websites.
Nicknamed GhostRedirector by cybersecurity software company ESET, the bad actor is believed to have compromised at least 65 Windows servers located mainly in Brazil, Thailand, and Vietnam. The researchers claim that the group is using two custom-made tools: a passive C++ backdoor that they’ve dubbed Rungan, and a malicious Internet Information Services (IIS) module that they’ve named Gamshen.
Rungan can execute commands on a compromised server, while Gamshen can carry out SEO fraud to manipulate search engine results. The crime group uses this to boost the page ranking of gambling websites and increase traffic to them.
Although Gamshen only modifies the responses served to Googlebot, and so does not affect regular website visitors, the use of such a tool can damage host websites’ reputations in the long term.
The researchers have found a series of other custom tools in use by GhostRedirector, as well as some familiar names in the world of cybercrime, like EfsPotato and BadPotato. These are thought to be used as back-ups if Rungan should fail, or to attack servers with higher security privileges.
“We believe with medium confidence that a China-aligned threat actor was behind these attacks,” reads the statement from ESET.
How to protect against cybercrime tools
To protect against such tools, ESET recommends ensuring that organizations are using dedicated accounts, strong passwords, and multifactor authentication wherever possible. Those steps are especially important for IIS server administrators.
This is because GhostRedirector and other cybercriminals can only deploy custom IIS tools on already-compromised servers. Blocking attackers from accessing those servers in the first place protects against custom malware like Rungan and, by extension, Gamshen.
ESET also advises that admins should ensure that native IIS modules can be installed only from trusted sources and are signed by a trusted provider, ideally requiring two parties for successful installation.
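One way to audit the signing recommendation above on an existing server, as an added example that is not from ESET or the original article: the script lists every native module registered in the IIS `<globalModules>` section and flags any whose file is missing, not validly signed, or signed by a publisher outside an allow-list. The allow-list contents and the flagging policy are assumptions to adapt to your own environment.

```powershell
# Added example: audit native IIS modules registered in <globalModules>.
# Run from an elevated 64-bit PowerShell session on the IIS server, so that
# System32 paths are not redirected to SysWOW64.
param(
    [string]$ConfigPath = "$env:windir\System32\inetsrv\config\applicationHost.config",
    # Assumption: publisher organizations your policy trusts. Adjust as needed.
    [string[]]$TrustedPublishers = @('Microsoft Corporation')
)

[xml]$config = Get-Content -LiteralPath $ConfigPath -Raw
$modules = $config.configuration.'system.webServer'.globalModules.add

$report = foreach ($m in $modules) {
    # Image paths are usually stored with variables such as %windir%.
    $path = [Environment]::ExpandEnvironmentVariables($m.image)

    $sig = $null
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
    }

    $subject = ''
    if ($sig -and $sig.SignerCertificate) {
        $subject = $sig.SignerCertificate.Subject
    }

    # Simplified match on the O= field of the signer certificate subject.
    $publisherOk = $false
    foreach ($p in $TrustedPublishers) {
        if ($subject -match "(^|,\s*)O=$([regex]::Escape($p))(,|$)") { $publisherOk = $true }
    }

    $status = 'FileNotFound'
    if ($sig) { $status = [string]$sig.Status }

    [pscustomobject]@{
        Name   = $m.name
        Image  = $path
        Status = $status
        Signer = $subject
        # Flag anything missing, not validly signed, or from an unlisted publisher.
        Flag   = ($status -ne 'Valid') -or (-not $publisherOk)
    }
}

# Flagged modules first, for manual review.
$report | Sort-Object Flag -Descending | Format-Table -AutoSize
```

A flagged entry is a candidate for review against your change records, not proof of compromise; legitimately installed third-party modules will appear until their publisher is added to the allow-list.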
The post Pro Chinese cybercrime group manipulates SEO to boost gambling websites appeared first on ReadWrite.