Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.
Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan, and is a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has been historically used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.
Read more…
Source: ProofPoint
Related:
- US critical infrastructure hit once again by a new group on the scene
December 6, 2024
Storm-0227, a Chinese state-sponsored advanced persistent threat (APT) actor started targeting critical infrastructure organizations, as well as government entities, in the United States. The group abuses software vulnerabilities and engages in spear phishing attacks to gain access to people’s devices. Once they get the access, they deploy different Remote Access Trojans (RAT) and other malware to ...
- Senators say US military is failing to secure its phones from foreign spies
December 4, 2024
Two U.S. senators are accusing the Department of Defense (DOD) of not doing enough to protect the communications of its military personnel, as the U.S. government contends with an ongoing Chinese hacking campaign targeting American phone and internet giants. The senators say the Department of Defense still relies too heavily on old-fashioned landline calls, and unencrypted ...
- Foreign espionage agencies exploit crowdsourcing for covert intelligence gathering in China
December 4, 2024
China’s Ministry of State Security revealed on Wednesday that foreign intelligence agencies are using crowdsourcing to gather sensitive data in China, posing a covert but serious threat to national security. This covert method, dubbed “crowdsourced espionage,” poses an escalating threat. Foreign intelligence agencies break down intelligence-gathering missions into smaller, discrete tasks and distribute them via legitimate ...
- Enhanced Visibility and Hardening Guidance for Communications Infrastructure
December 3, 2024
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ) warn that People’s Republic of China (PRC)-affiliated threat actors compromised networks of major global telecommunications providers to ...
- Shin Bet finds 200 Iranian cyberattacks on Israeli personalities
December 2, 2024
In recent months, the Shin Bet (Israel Security Agency) has uncovered some 200 efforts made by Iranian hackers to target Israeli civilians, the Shin Bet stated on Monday. The hacking was conducted via phishing attempts against various individuals, including Israeli politicians, academics, and media personalities, the security agency added. The hackers reportedly looked to gain access ...
- APT trends report Q3 2024
November 28, 2024
In the second half of 2022, a wave of attacks from an unknown threat actor targeted victims with a new type of attack framework that we dubbed P8. The campaign targeted Vietnamese victims, mostly from the financial sector, with some from the real estate sector. Later, in 2023, Elastic Lab published a report about an OceanLotus ...