Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service.
Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan, and is a customized variant of Gh0stRAT, an older commodity trojan typically used by Chinese-speaking threat actors. SugarGh0st RAT has been historically used to target users in Central and East Asia, as first reported by Cisco Talos in November 2023.
Read more…
Source: ProofPoint
Related:
- Scaly Wolf uses White Snake stealer against Russian industry
February 2, 2024
The BI.ZONE Threat Intelligence team has identified at least a dozen campaigns linked to Scaly Wolf. The impact spreads across organizations from various industries in Russia, including manufacturing and logistics. One of the group’s characteristics in gaining initial access is their phishing emails designed to look like legitimate correspondence from Russian public authorities. Its phishing arsenal ...
- US imposes fresh sanctions over Iranian arms, cyber activity
February 2, 2024
The United States on Friday imposed sanctions targeting Iran’s ballistic missile and drone procurement programmes as well as officials it said were involved in hacking US infrastructure, as Washington looks to increase pressure on Tehran. The US Treasury Department said in a statement on Friday it had imposed sanctions on four Iran- and Hong Kong-based companies ...
- Former CIA employee sentenced to 40 years in prison after carrying out largest data leak in agency’s history
February 1, 2024
A former CIA employee was sentenced to 40 years in prison after carrying out the largest data leak in the agency’s history, the US Attorney’s Office of the Southern District of New York announced Thursday. Joshua Schulte – who was accused of handing over reams of classified data to WikiLeaks in 2016 – was convicted in ...
- Satellites and the specter of IoT attacks
January 26, 2024
In the vast expanse of space, satellites orbit silently, serving as the connected backbone of our modern world. A fast-proliferating network of satellites forms the critical infrastructure that supports global communication, navigation, weather forecasting, defensive operations and more. Today’s global space economy is huge, forecasted to total more than $600 billion annually in 2024. Internet of ...
- HP Enterprise was hacked by the same Russian state-sponsored group that targeted Microsoft
January 25, 2024
HP Enterprise was infiltrated by a hacking group linked to Russian intelligence last year, the business IT company has revealed in a Securities and Exchange Commission filing. The threat actor is believed to be Midnight Blizzard, also known as Cozy Bear, which was the same group that recently breached the email accounts of several senior executives ...
- Russian hackers attack Ukraine MoD resources
January 25, 2024
Cyber attacks by Russian government-funded groups on the resources run by the Ministry of Defense using phishing, distribution of remote code execution malware, and blocking of access to web resources have been recorded. “Last day, attacks on Ukraine’s government and commercial sectors were recorded. Also, attacks by Russia-funded hacker groups were launched on the resources of ...