SugarGh0st RAT Used to Target American Artificial Intelligence Experts


Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.

Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan, and is a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has been historically used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.

Read more…
Source: ProofPoint


Sign up for our Newsletter


Related:

  • Politician who investigated spyware abuses had his phone hacked with Pegasus spyware

    July 2, 2026

    Security researchers have confirmed that a European politician had his phone hacked with the Pegasus spyware while serving on an investigatory committee probing abuses of the notorious surveillance tool. This has reignited fresh controversy over governments abusing spyware to collect information about their critics. The researchers at the University of Toronto’s digital rights unit The Citizen ...

  • ToddyCat: your hidden email assistant. Part 2

    June 30, 2026

    Kaspersky continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting ...

  • Russian Intelligence Services Continue to Target Commercial Messaging Applications

    June 26, 2026

    The FBI and CISA are issuing this update to the March 20, 2026, Public Service Announcement I-032026-PSA to provide additional information to the public and encourage device owners to take actions to protect themselves. The FBI has identified multiple clusters of Russian Intelligence Services (RIS) cyber threat actors responsible for an ongoing commercial messaging application (CMA) phishing campaign against individuals of high ...

  • Public and Private Medical Community Targeted by China-Nexus Threat Actor

    June 15, 2026

    Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People’s Republic of China (PRC)-nexus threat actor, targeting institutions in the North American academic, medical, and military research community. While remaining undetected for over a year, the threat actor compromised externally facing web applications, deployed bespoke malware, pivoted to sensitive internal ...

  • WhatsApp says it caught new spyware attacks linked to NSO Group in violation of court order

    June 8, 2026

    WhatsApp said that it disrupted a new hacking campaign linked to NSO Group, a spyware maker that has been ensnared in countless cases of abuse all over the world. The messaging app maker accused NSO of violating an earlier court order that bars the company from targeting WhatsApp and its users with its spyware, and is seeking to ...

  • Chinese spies use LinkedIn to target UK officials and military staff

    June 3, 2026

    Chinese spies are targeting UK government and military staff on job websites including LinkedIn to try to get access to classified or sensitive information, MI5 has warned. A bulletin has been released by the Five Eyes powers – the UK, US, Australia, Canada and New Zealand – highlighting an “aggressive” online recruitment strategy where spies for Beijing military ...