The GReAT team discovered the malware during incident response operations on government systems that run Microsoft Exchange. GhostContainer is believed to be part of a sophisticated and persistent advanced persistent threat (APT) campaign targeting key organizations in the Asia region, including major technology companies.
The malicious file discovered by Kaspersky, called App_Web_Container_1.dll, is a multi-functional backdoor that can be extended by downloading additional modules remotely. The malware draws on many open source projects and has been carefully customized to avoid detection.

Once GhostContainer is successfully installed on a system, the attackers can take complete control of the Exchange server and, from there, carry out a range of damaging actions without the user's knowledge. The malware is disguised as a legitimate server component and uses multiple evasion techniques to avoid detection by anti-virus software and to bypass security monitoring systems.
In addition, the malware can act as a proxy server or an encrypted tunnel, giving the attackers a path into internal systems or a channel for exfiltrating sensitive information. Based on this mode of operation, experts suspect that the main purpose of the campaign is cyber espionage.
“Our in-depth analysis shows that the perpetrators are highly proficient in penetrating Microsoft Exchange server systems. They leverage a variety of open source tools to penetrate IIS and Exchange environments, and develop sophisticated spying tools based on available open source code. We will continue to monitor the group’s activities, as well as the scope and severity of their attacks, to better understand the overall threat picture,” said Sergey Lozhkin, Head of the Global Research and Analysis Team (GReAT) for Asia Pacific and Middle East and Africa at Kaspersky.
GhostContainer uses code from multiple open source projects, which means the same building blocks are readily available to cybercriminal groups or APT campaigns anywhere in the world. Notably, by the end of 2024, a total of 14,000 malware packages had been detected in open source projects, up 48% from the end of 2023. This figure shows that the level of risk in this area is increasing.
Source: https://www.sggp.org.vn/ghostcontainer-lo-hong-moi-tan-cong-may-chu-microsoft-exchange-thong-qua-ma-doc-backdoor-post805372.html