Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.
Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan and a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has historically been used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.
Source: Proofpoint

