Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.
Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan and a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has historically been used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.
Source: Proofpoint

