Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.
Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan, and is a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has been historically used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.
Read more…
Source: ProofPoint
Related:
- The remote-working rush is creating a playground for spies and cybercrooks
April 5, 2020
Hundreds of millions of people are now working from home as a result of the ongoing COVID-19 coronavirus outbreak. Most organisations have a disaster recovery plan and a business continuity strategy in place to cope with the more predictable catastrophes, like a main office being unavailable for weeks or months. Far fewer are prepared for a crisis requiring ...
- Emerging APT Mounts Mass iPhone Surveillance Campaign
March 26, 2020
A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong – infecting website visitors with a newly developed custom surveillance malware. The bad code – the work of a new APT called “TwoSail Junk” – is delivered via a multistage exploit chain that targets iOS vulnerabilities in versions 12.1 ...
- Hackers breach FSB contractor and leak details about IoT hacking project
March 20, 2020
Russian hacker group Digital Revolution claims to have breached a contractor for the FSB — Russia’s national intelligence service — and discovered details about a project intended for hacking Internet of Things (IoT) devices. The group published this week 12 technical documents, diagrams, and code fragments for a project called “Fronton.” Read more… Source: ZDNet
- Probing Pawn Storm Cyberespionage Campaign Through Scanning, Credential Phishing and More
March 19, 2020
Pawn Storm, an ongoing cyberespionage campaign with activities that can be traced as far back as 2004, has gained notoriety after aiming cyber-attacks at defense contractor personnel, embassies, and military forces of the United States and its allies, as well as international media and citizens across different civilian industries and sectors, among other targets. For years, ...
- Chinese hackers use decade-old Bisonal Trojan in cyberespionage campaigns
March 5, 2020
Chinese cyberattackers continue to improve and deploy a decade-old Remote Access Trojan (RAT) in ongoing campaigns against Russian, Japanese, and South Korean targets. On Thursday, researchers from Cisco Talos said that the Bisonal RAT is an unusual sample of malware that has been improved, rolled back, and refined over a period of 10 years, an uncommon practice by ...
- Cobalt Ulster Strikes Again With New ForeLord Malware
March 3, 2020
A new credential-stealing malware, dubbed ForeLord, has been uncovered in a recent spear phishing campaign. Researchers tie the attack to a known advanced persistence threat (APT) group known as Cobalt Ulster. The emails distributing ForeLord were uncovered as part of a campaign, running between mid-2019 and mid-January 2020. The emails were targeting organizations in Turkey, Jordan, Iraq, as ...