|This page is currently under construction. Check back for updates soon.|
GhostNet is the name given to a large-scale cyber espionage operation discovered in March 2009. The operation’s command and control infrastructure was based mainly in the People's Republic of China and had infiltrated high-value political, economic and media locations in 103 countries. At least 1,295 computer systems were compromised, including systems belonging to embassies, foreign ministries, government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City.
The trojan was primarily delivered through carefully social engineered e-mails and upon installation it connected back to a control server to receive commands. The infected computer would then execute commands specified by the control server. Although the activity was mostly based in China, the Chinese government denied all involvement in this operation and conclusive links between the Chinese government and GhostNet were not discovered.
- Wikipedia entry
- John Markoff, Vast Spy System Loots Computers in 103 Countries, NY Times, Mar 28, 2009
- Shishir Nagaraja & Ross Anderson, The snooping dragon: social-malware surveillance of the Tibetan movement, University of Cambridge Computer Laboratory Technical Report, March 2009
- Tracking GhostNet: Investigating a Cyber Espionage Network, Information Warfare Monitor, Mar 29, 2009