https://securityaffairs.com/191318/apt/gopherwhisper-new-china-linked-apt-targets-mongolia-with-go-based-malware.html
#securityaffairs #hacking
GopherWhisper: the new Chinese APT that spies on the Mongolian government by hiding its C2 in Slack, Discord and Outlook
ESET Research has discovered GopherWhisper, a Chinese APT active since 2023 that compromised 12 Mongolian government systems using Discord, Slack and Microsoft Outlook drafts as C2 channels. The group has seven custom tools, including four distinct backdoors written in Go and C++.
📰 New 'GopherWhisper' APT Group Linked to China Targets Mongolian Government
New China-aligned APT 'GopherWhisper' discovered targeting Mongolian gov't. 🕵️‍♂️ The group uses a Go-lang toolkit and evades detection by using Slack, Discord, and Outlook for C2 communications. #APT #CyberEspionage #GopherWhisper #ThreatIntel
New #GopherWhisper #APT group abuses #Outlook, #Slack, #Discord for comms

A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities.
China-Linked APT Group Exploits Legitimate Services for Covert Ops
ESET researchers have uncovered a treasure trove of clues, analyzing 6,044 Slack messages and 3,005 Discord messages that reveal the covert operations of a China-linked APT group, dubbed GopherWhisper, which has been active since at least 2023. The recovered logs provide a rare glimpse into the group's tactics, thanks to hardcoded credentials…
China-Linked GopherWhisper Targets Mongolian Government Systems with Go Backdoors
A China-linked cyber group, dubbed GopherWhisper, has been targeting Mongolian government systems with a suite of Go-based backdoors, infecting at least 12 systems and potentially dozens more. The attackers used clever tactics, routing command-and-control traffic through compromised Discord and Slack servers.
#Chinalinked #Gopherwhisper #GoBackdoors #MongolianGovernment #Eset