Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.
Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan and a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has historically been used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.
Source: Proofpoint

