Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.
Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan, and is a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has been historically used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.
Read more…
Source: ProofPoint
Related:
- UK pins ‘reckless campaign of cyber attacks’ on Russian military intelligence
October 4, 2018
The UK government this morning pointed the finger at Russian military intelligence for a litany of cyber nasties. In the bulletin, the UK government’s National Cyber Security Centre (NCSC) declared that a range of attacks blamed on the Kremlin are actually the work of Russian military intelligence, GRU. This comes in the wake of long-standing concerns that Russia ...
- US to offer cyberwar capabilities to NATO allies
October 4, 2018
Acting to counter Russia’s aggressive use of cyberattacks across Europe and around the world, the U.S. is expected to announce that, if asked, it will use its formidable cyberwarfare capabilities on NATO’s behalf, according to a senior U.S. official. The announcement is expected in the coming days as U.S. Defense Secretary Jim Mattis attends a meeting of NATO defense ministers ...
- Turla APT Changes Shape with New Code and Targets
October 4, 2018
The Turla APT group’s extensive activities have diversified this year, representing a mix of old code, new code and fresh targets. Perhaps most interesting, this sophisticated group is branching into using scripts and open-source code in its malware development – a marked departure for an APT best-known for deploying a complex rootkit called Snake, traditionally focused on ...
- US government hacker jailed after losing secrets
September 26, 2018
A man who illegally took home hacking tools from his workplace at the National Security Agency, and then allegedly lost them to Russian intelligence, has been jailed for five years and six months. Nghia Hoang Pho, 68, developed hacking tools at the NSA’s elite Tailored Access Operations (TAO) unit, which works on penetrating target computer networks ...
- British spies ‘hacked into Belgian telecoms firm on ministers’ orders’
September 21, 2018
British spies are likely to have hacked into Belgium’s biggest telecommunications operator for at least a two-year period on the instruction of UK ministers, a confidential report submitted by Belgian prosecutors is said to have concluded. The finding would support an allegation made by the whistleblower Edward Snowden five years ago when he leaked 20 slides exposing the ...
- Dangerous Pegasus Spyware Has Spread to 45 Countries
September 18, 2018
The malicious spyware has also been found in use in countries known for targeting human rights. The infamous Pegasus spyware, which targets iPhones and Android devices, has allegedly infiltrated 45 different countries across the globe — and six of those countries have used surveillance malware in the past to abuse human rights, a group of researchers ...