Ghost, a ransomware outfit, has been exploiting software and firmware flaws since January, according to an FBI and Cybersecurity and Infrastructure Security Agency (CISA) advisory issued last week.
The outfit, also known as Cring and based in China, focusses on internet-facing services with unpatched vulnerabilities that users might have fixed years ago, according to the agencies. Cybersecurity researchers initially raised concerns about the group in 2021.
“This indiscriminate targeting of networks containing vulnerabilities has resulted in the compromise of organisations in more than 70 countries, including China,” according to the notice issued by the Multi-State Information Sharing and Analysis Centre (MS-ISAC).
The notice lists the following vulnerabilities: Microsoft Exchange servers that are still vulnerable to the ProxyShell attack chain; servers running Adobe’s ColdFusion for web applications; and issues in unpatched Fortinet security appliances.