Cyber Threat Actor: GhostR
| Actor Type | Location | Known Incidents |
Criminal
|
Russia
|
1 incident |
|---|
Profile
GhostR, also known as GhostShell, is a threat actor that has been publicly linked to a cyber intrusion targeting a third‑party IT service provider. The actor’s location is noted as Russia, though no further details about its organizational structure or sponsorship are available in the open sources. The aliases GhostR and GhostShell appear in reporting related to the June 2024 incident involving Ezynetic, a vendor that supports licensed moneylenders in Singapore.
In the June 14 2024 breach, GhostR gained unauthorized access to Ezynetic’s systems, resulting in the exfiltration of personal identifiable information belonging to roughly 128,000 borrowers from twelve licensed moneylenders that relied on the vendor’s platform. The compromised data prompted the affected moneylenders to warn their customers about heightened phishing risks, while Ezynetic and the lenders notified local law enforcement and cybersecurity authorities. Credit Bureau Singapore responded by limiting platform access for all twenty client firms as a precautionary measure, although it confirmed that its central repository remained secure and rejected GhostR’s claim of having breached the bureau itself. The incident illustrates the actor’s focus on exploiting supply‑chain connections to reach financial‑service customers in Southeast Asia.
Publicly available reporting does not specify the malware families, initial‑access vectors, or specific tools employed by GhostR in this operation, so no detailed TTP themes can be cited from the source material. Likewise, while the actor’s location is identified as Russia, no explicit ties to a state sponsor or a criminal consortium have been established in the disclosed information. The Ezynetic breach remains the most prominently documented operation associated with GhostR, highlighting its capability to compromise third‑party providers and obtain large volumes of personal data that could facilitate downstream fraudulent activity.
