A newly identified Chinese state-backed APT group, tracked as GopherWhisper, has been targeting government entities with a Go-based malware toolkit. The group abuses legitimate services (Slack, Discord, and Microsoft 365 Outlook via the Graph API) for command-and-control communications, so its C2 traffic blends in with ordinary use of those services and is harder to spot. ESET researchers identified multiple backdoors (LaxGopher, RatGopher, BoxOfFriends, SSLORDoor) and supporting tools, and were able to access the attacker-controlled accounts because the credentials for those services were hardcoded in the malware. Analysis of C2 traffic timestamps and locale metadata strongly links the group to China. At least 12 systems in a Mongolian government institution were confirmed compromised, with dozens of additional victims suspected. ESET has published indicators of compromise to aid defenders.
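The hardcoded service credentials are the detail a defender can act on: a Go binary that talks to Slack, Discord or the Graph API has to carry a token and the endpoint URLs somewhere in its image. The scanner below is an added example, not code from ESET's report or from bleepingcomputer, and it knows nothing about GopherWhisper's actual samples. It assumes only the publicly documented shape of Slack tokens (`xox[abp]-...`), the token shape commonly used by secret scanners for Discord bots, and the well-known API base URLs; the byte blob it scans is constructed here to stand in for an unpacked binary.

```python
import re

# Patterns for credentials and C2 endpoints worth hunting for in an unpacked
# sample. These are publicly documented / widely used token and URL shapes,
# not indicators taken from the ESET report (assumption: the malware stores
# them as plain ASCII strings, which is what a string sweep can catch).
PATTERNS = {
    "slack_token": re.compile(rb"xox[abp]-[0-9A-Za-z-]{10,}"),
    "discord_token": re.compile(
        rb"[MN][A-Za-z0-9_-]{23,}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27,}"
    ),
    "slack_api_url": re.compile(rb"https://slack\.com/api/[A-Za-z0-9._]*"),
    "discord_api_url": re.compile(
        rb"https://discord(?:app)?\.com/api/[A-Za-z0-9/._-]*"
    ),
    "graph_api_url": re.compile(
        rb"https://graph\.microsoft\.com/v1\.0/[A-Za-z0-9/._-]*"
    ),
}


def scan_blob(data: bytes) -> dict[str, list[str]]:
    """Return every distinct match per pattern name, sorted, for the blob.

    Only pattern names with at least one hit appear in the result, so the
    caller can treat an empty dict as "nothing suspicious found".
    """
    hits: dict[str, list[str]] = {}
    for name, pattern in PATTERNS.items():
        found = sorted(
            {m.group(0).decode("ascii", "replace") for m in pattern.finditer(data)}
        )
        if found:
            hits[name] = found
    return hits


def scan_file(path: str) -> dict[str, list[str]]:
    """Convenience wrapper: read a file from disk and scan it."""
    with open(path, "rb") as fh:
        return scan_blob(fh.read())


# Constructed stand-in for an unpacked Go binary: a few Go runtime strings
# plus a fake (invalid) Slack bot token and two API endpoints. None of these
# values come from a real sample.
SAMPLE = (
    b"\x7fELF" + b"\x00" * 16
    + b"net/http\x00runtime.gopanic\x00"
    + b"xoxb-0000000000-0000000000000-ExampleFakeTokenXXXX\x00"
    + b"https://slack.com/api/conversations.history\x00"
    + b"https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages\x00"
)

if __name__ == "__main__":
    for name, values in scan_blob(SAMPLE).items():
        for value in values:
            print(f"{name}: {value}")
```

Strings that look like a live bot token belong in an IR ticket, not a chat channel: the same token that let ESET into the attacker's accounts would let anyone who reads the ticket in too, so treat the scanner's output as a secret and redact it before sharing.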

3 min read. From bleepingcomputer.com