SugarGh0st RAT Used to Target American Artificial Intelligence Experts


Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.

Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan and a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has historically been used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.

Source: Proofpoint

