Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.
Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan, and is a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has been historically used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.
Read more…
Source: ProofPoint
Related:
- Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity
August 8, 2017
Attackers behind advanced persistent threat campaigns have kept busy over the past several months, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines. Juan Andres Guerrero-Saade and Brian Bartholomew, members of Kaspersky Lab’s Global Research and Analysis Team, described ...
- 3 New CIA-developed Hacking Tools For MacOS & Linux Exposed
July 27, 2017
WikiLeaks has just published a new set of classified documents linked to another CIA project, dubbed ‘Imperial,’ which reveals details of at least three CIA-developed hacking tools and implants designed to target computers running Apple Mac OS X and different flavours of Linux operating systems. If you are a regular reader of THN, you must be ...
- APT Group Uses Catfish Technique To Ensnare Victims
July 27, 2017
Meet Mia Ash, a 20-something London-based photographer, amateur model, social media butterfly with a keen interest in tech-savvy guys with ties to the oil and gas industry. You guessed it. Mia Ash doesn’t exist. Ash, according to Dell SecureWorks Counter Threat Unit, is a virtual persona stitched together by the APT known as Cobalt Gypsy, OilRig, ...
- Experts Unveil Cyber Espionage Attacks by CopyKittens Hackers
July 25, 2017
Security researchers have discovered a new, massive cyber espionage campaign that mainly targets people working in government, defence and academic organisations in various countries. The campaign is being conducted by an Iran-linked threat group, whose activities, attack methods, and targets have been released in a joint, detailed report published by researchers at Trend Micro and Israeli ...
- Oil & Gas Industry Faces More Frequent & Sophisticated Cyber Attacks: Deloitte
June 27, 2017
Three out of four oil and natural gas companies fell victim to at least one cyber attack last year as hacking efforts against the industry become more frequent and sophisticated. That’s the finding from a report released Monday by industry consultant Deloitte LLP. Technology advances, such as Royal Dutch Shell Plc’s recent control of operations in Argentina ...
- Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly
June 22, 2017
WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a tool suite – which is being used by the CIA for Microsoft Windows that targets “closed networks by air gap jumping using thumb drives,” mainly implemented in enterprises and critical infrastructures. Air-gapped computers that are isolated from the Internet or ...