Edward Kiledjian's Threat Intel

GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module

Cybersecurity researchers have uncovered a threat cluster, GhostRedirector, that has compromised at least 65 Windows servers, primarily in Brazil, Thailand, and Vietnam. The attacks deploy the Rungan backdoor and the Gamshen IIS module; Gamshen is used for SEO fraud, manipulating search engine rankings. The threat actor, believed to be China-aligned, exploits vulnerabilities, likely SQL injection, to gain initial access and deploy additional tools.