Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.
Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan, and is a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has been historically used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.
Read more…
Source: ProofPoint
Related:
- Again and again, NSO Group’s customers keep getting their spyware operations caught
March 28, 2025
On Thursday, Amnesty International published a new report detailing attempted hacks against two Serbian journalists, allegedly carried out with NSO Group’s spyware Pegasus. The two journalists, who work for the Serbia-based Balkan Investigative Reporting Network (BIRN), received suspicious text messages including a link — basically a phishing attack, according to the nonprofit. In one case, Amnesty ...
- Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
March 25, 2025
In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious ...
- ZDI-CAN-25373: Windows shortcut exploit abused as Zero-Day in widespread APT campaigns
March 18, 2025
The Trend Zero Day Initiative threat hunting team identified significant instances of the exploitation of ZDI-CAN-25373 across a variety of campaigns dating back to 2017. The researchers analysis revealed that 11 state-sponsored groups from North Korea, Iran, Russia, and China have employed ZDI-CAN-25373 in operations primarily motivated by cyber espionage and data theft. Trend Micro discovered ...
- Squid Werewolf cyber spies masquerade as recruiters
March 12, 2025
Espionage activity clusters may pose as recruiters to distribute phishing emails, targeting key employees in organizations of interest. In December 2024, the BI.ZONE Threat Intelligence team uncovered a peculiar phishing campaign aimed at luring victims with fake job opportunities at an industrial organization. A detailed analysis revealed that the attack had been carried out by Squid Werewolf ...
- SideWinder targets the maritime and nuclear sectors with an updated toolset
March 10, 2025
Last year, Kaspersky researchers published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In the article, they described activities that had mostly happened in the first half of the year. The researchers tried to draw attention to the group, ...
- Israel: Unit 8200 created AI language learning tool from intercepted Palestinian Arabic comms
March 7, 2025
Israel’s military surveillance Unit 8200 has reportedly developed a vast database of intercepted Palestinian communications in order to construct an artificial intelligence tool similar to ChatGPT, a joint investigation by The Guardian, +972 Magazine and Mekomit alleged on Thursday. Israel reportedly hopes that the resulting AI tool “will transform its spying capabilities.” The investigation by the ...