A stealthy and highly sophisticated piece of malware dubbed GhostContainer has been discovered targeting Microsoft Exchange servers in government and high-tech environments across Asia. This backdoor blends into normal operations, making it very hard to detect, and lets attackers maintain long-term access without ever reaching out to an external command-and-control server. By exploiting a known Exchange vulnerability and using open-source tools to create fake web pages for covert communication, the attackers built a custom malware ecosystem tailored for espionage. GhostContainer’s ability to bypass security controls, hide in plain sight, and operate without traditional indicators points to a well-resourced, highly skilled adversary aiming for stealth and persistence.