ESET researchers have discovered a previously undocumented China-aligned APT group that we named GopherWhisper. The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoors in its arsenal. In the observed campaign, the threat actors targeted a governmental entity in Mongolia.
GopherWhisper abuses legitimate services, notably Disco...
The discovery of GopherWhisper highlights the evolving tactics of state-aligned cyber threat actors, particularly their exploitation of legitimate cloud services to obscure malicious activity. The group’s reliance on platforms like Discord, Slack, and Microsoft Outlook for C&C communications reflects a broader trend in cyber espionage, where adversaries blend into normal network traffic to evade detection. The use of Go as the primary programming language for their toolset is notable, as it offe...
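As an added illustration of the detection problem described above (not code from ESET or from the original page): because traffic to Discord, Slack and Outlook looks normal by destination, a defender can pivot on which process opened the connection. The service host names, the per-service allowlist and the sample events are assumptions constructed for this example.

```python
import ntpath
from collections import Counter

# Assumed hosts for the services the article names (the page lists no endpoints).
SERVICE_HOSTS = {
    "discord.com": "Discord", "discordapp.com": "Discord",
    "slack.com": "Slack",
    "graph.microsoft.com": "Outlook", "outlook.office365.com": "Outlook",
}
# Hypothetical allowlist: binaries expected to reach each service in this estate.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
EXPECTED_CLIENTS = {
    "Discord": BROWSERS | {"discord.exe"},
    "Slack": BROWSERS | {"slack.exe"},
    "Outlook": BROWSERS | {"outlook.exe"},
}

def service_for(host):
    """Map a destination host to a service, matching whole DNS labels only."""
    host = host.lower().rstrip(".")
    for suffix, service in SERVICE_HOSTS.items():
        if host == suffix or host.endswith("." + suffix):
            return service
    return None

def find_suspects(events):
    """Count connections to the listed services made by unexpected processes."""
    hits = Counter()
    for ev in events:
        service = service_for(ev["dest_host"])
        if service is None:
            continue
        proc = ntpath.basename(ev["image"]).lower()
        if proc not in EXPECTED_CLIENTS[service]:
            hits[(ev["computer"], ev["image"], service)] += 1
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed events, shaped like the fields of a Sysmon network-connection record.
SAMPLE_EVENTS = [
    {"computer": "WS-014", "image": r"C:\Program Files\Slack\slack.exe", "dest_host": "wss-primary.slack.com"},
    {"computer": "WS-014", "image": r"C:\Windows\Temp\svc_update.exe", "dest_host": "discord.com"},
    {"computer": "WS-014", "image": r"C:\Windows\Temp\svc_update.exe", "dest_host": "discord.com"},
    {"computer": "WS-022", "image": r"C:\Program Files\Office\OUTLOOK.EXE", "dest_host": "outlook.office365.com"},
    {"computer": "WS-031", "image": r"C:\ProgramData\helper.exe", "dest_host": "slack.com"},
    {"computer": "WS-031", "image": r"C:\Program Files\Chrome\chrome.exe", "dest_host": "notslack.com"},
]

if __name__ == "__main__":
    for (computer, image, service), n in find_suspects(SAMPLE_EVENTS):
        print(f"{computer}: {image} -> {service} ({n} connections)")
```

Matching on file name alone is easy to defeat by renaming a binary, so a production rule should pair the allowlist with the full install path or the code-signing publisher.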
