GhostEmperor: From ProxyLogon to kernel mode
released on 2021-10-01 @ 08:43:16 AM
Demodex has been observed in a recent rise of attacks against Exchange servers. The malware could be used to hide and hide the source of the attack. The responsible cluster has been dubbed GhostEmperor.