ESET researchers have uncovered a Chinese APT group dubbed GopherWhisper that has been targeting Mongolian government institutions since at least November 2023. The group deployed five distinct backdoors — LaxGopher, CompactGopher, RatGopher, BoxOfFriends, and SSLORDoor — each using a different cloud service for command-and-control, including Slack, Discord, Microsoft Outlook email drafts, and file.io. While prolific in producing custom malware, the group is not considered sophisticated; evidence suggests operators may be relatively new to malware development. Mongolia sits in a difficult geopolitical position, facing persistent cyber threats primarily from China-aligned and Russian threat actors, with 1.6 million cyberattacks recorded in 2024 alone.