GhostNet

From Cybersecurity Wiki
Jump to: navigation, search
This page is currently under construction. Check back for updates soon.

Case Summary

GhostNet is the name given to a large-scale cyber espionage operation discovered in March 2009. The operation’s command and control infrastructure was based mainly in the People's Republic of China and had infiltrated high-value political, economic and media locations in 103 countries. At least 1,295 computer systems were compromised, including systems belonging to embassies, foreign ministries, government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City.

The trojan was primarily delivered through carefully social engineered e-mails and upon installation it connected back to a control server to receive commands. The infected computer would then execute commands specified by the control server. Although the activity was mostly based in China, the Chinese government denied all involvement in this operation and conclusive links between the Chinese government and GhostNet were not discovered.


Recommended Literature