FBI and CISA warn about continuing attacks by Chinese ransomware group Ghost | CSO Online

The FBI and CISA issued a joint advisory about the activities of the Chinese ransomware group Ghost, which has compromised organizations in over 70 countries. The group exploits vulnerabilities in web apps, servers, and internet-exposed hardware, targeting critical infrastructure, schools, healthcare, government networks, and more. Ghost primarily uses Cobalt Strike for lateral movement and data exfiltration, focusing more on encrypting data than exfiltrating it.