SugarGh0st RAT Used to Target American Artificial Intelligence Experts


Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.

Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan and a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has historically been used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.

Source: Proofpoint

