What MSPs need to know about Ghostredirector

The new threat group appears to be offering as-a-service attacks on companies from Latin American and Asia, but often those hosted on North American infrastructure. What can MSPs learn from this kind of attack?

October 7, 2025 Robert Dutt ESET Sponsored Content, Podcasts, Sponsored Content Comments Off on What MSPs need to know about Ghostredirector
Tony Anscombe, global security evangelist at ESET
, global evangelist at

ESET’s theat intelligence team has discovered a new threat actor it has dubbed GhostRedirector, that takes advantage of unpatched versions of IIS to offer manipulated search results as a service.

While its targets are largely in Brazil, Thailand, and Vietnam, it includes that are hosted by third parties in North America.

In this edition of the podcast, Tony Anscombe, security evangelist at ESET, joins us to discuss the new attack, and what need to be thinking about when they’re or administering servers on behalf of customers.

We discuss: 

  • the nature of the attacks and how they targeted;
  • who was behind the attacks;
  • the motivations behind the attacks;
  • how the attackers went after servers running MSPs’ and hosters’ environments;
  • what MSPs and hosters can learn from these attacks, and how they can make sure their isn’t used in attacks like this;
  • how ESET makes the determination of a new attack group;
  • how ESET finds new attacks, and
  • what it does with the information once it’s discovered a new attack.

All this and much more in this edition of the ChannelBuzz.ca Podcast.

   

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | Android | iHeartRadio | Youtube Music | RSS

About Robert Dutt 1743 Articles
Robert Dutt is the founder and head blogger at ChannelBuzz.ca. He has been covering the Canadian solution provider channel community for a variety of publications and Web sites since 1997.
Website