Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.
Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan, and is a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has been historically used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.
Read more…
Source: ProofPoint
Related:
- Wikileaks Unveils ‘Cherry Blossom’ — Wireless Hacking System Used by CIA
June 15, 2017
WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a framework – which is being used by the CIA for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices. Dubbed “Cherry Blossom,” the framework was allegedly designed by the Central Intelligence Agency (CIA) with the ...
- WikiLeaks Vault 7: CIA’s “Pandemic” Tool Replaces Files with Malware
June 2, 2017
WikiLeaks has released a new set of documents from its Vault 7 series, this time detailing a tool that the CIA allegedly uses to spread malware on a targeted organization’s network. Appropriately called “Pandemic,” the tool can install a file system filter driver on a network, replacing legitimate files with malicious payload when they are accessed ...
- Chrome Flaw Allows Sites to Secretly Record Audio/Video Without Indication
May 30, 2017
What if your laptop is listening to everything that is being said during your phone calls or other people near your laptop and even recording video of your surrounding without your knowledge? Sounds really scary! Isn’t it? But this scenario is not only possible but is hell easy to accomplish. A UX design flaw in the Google’s ...
- Wikileaks Unveils CIA’s Man-in-the-Middle Attack Tool
May 5, 2017
Wikileaks has published a new batch of the Vault 7 leak, detailing a man-in-the-middle (MitM) attack tool allegedly created by the United States Central Intelligence Agency (CIA) to target local networks. Since March, WikiLeaks has published thousands of documents and other secret tools that the whistleblower group claims came from the CIA. This latest batch is the ...
- CIA director calls WikiLeaks ‘hostile intelligence agency’
April 13, 2017
CIA Director Mike Pompeo is denouncing WikiLeaks, calling the anti-secrecy group a “hostile intelligence agency.” In his first public speech since becoming director of the agency, the former Republican congressman says WikiLeaks “walks like a hostile intelligence agency and talks like a hostile intelligence agency.” Last month, WikiLeaks released nearly 8,000 documents that it says reveals secrets ...
- Symantec Links Espionage Group to CIA via Tools Exposed by WikiLeaks
April 10, 2017
Symantec announced that it had connected at least 40 attacks across 16 countries where tools obtained and exposed by WikiLeaks via the Vault 7 revelations about CIA’s espionage tactics were used. In a lengthy report, Symantec talks about a highly organized group they named Longhorn and which they linked to all these attacks. While stopping short ...