Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.
Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan and a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has historically been used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.
Source: Proofpoint
