GopherWhisper - China-Linked APT Targets Mongolian Government

GopherWhisper, a newly documented China-aligned APT group, has compromised 12 Mongolian government systems with a set of mostly Go-written backdoors that route command-and-control and exfiltration traffic through Discord, Slack, and Microsoft 365. The case shows how state-sponsored intrusions increasingly hide inside trusted cloud services, and why organizations handling sensitive data need detection that looks at behaviour rather than just destinations.

Threat Intel · Severity: HIGH

Original Reporting: The Hacker News

AI Summary

CyberPings AI · Reviewed by Rohit Rana

🎯 In short: a China-aligned hacking group is compromising Mongolian government computers with custom malware, most of it written in Go, that hides its command traffic inside Discord, Slack, and Microsoft 365.

The Threat

GopherWhisper is a newly identified advanced persistent threat (APT) group assessed to be aligned with China. It has targeted Mongolian government institutions and infected 12 systems with a range of malicious tools. The group's operations were first uncovered in January 2025, when a previously unseen backdoor named LaxGopher was detected on a government network.

Who's Behind It

According to ESET, a Slovak cybersecurity firm, GopherWhisper relies on a toolset written primarily in Go. It includes injectors and loaders that deploy several backdoors, giving the attackers persistent control over compromised systems. The group is assessed to operate in the China Standard Time zone (UTC+8), based on the timestamps of its communications.

Tactics & Techniques

GopherWhisper employs several sophisticated techniques to achieve its objectives:

  • Command and Control (C&C): The group uses legitimate services, namely Discord, Slack, and Microsoft 365 Outlook, for C&C communication and data exfiltration. Because these services are typically allowed outbound and reached over TLS, the traffic blends in with normal user activity.
  • Malware Arsenal: The group's toolkit includes multiple backdoors:
    • LaxGopher: Executes commands and downloads additional malware via Slack.
    • CompactGopher: Collects files of interest and exfiltrates them as encrypted ZIP archives.
    • RatGopher: Uses Discord for command execution and file transfer.
    • SSLORDoor: A C++ backdoor that communicates over port 443 (the HTTPS port, so it looks like ordinary web traffic) and supports remote file operations.

Defensive Measures

Organizations, particularly in the government sector, should assume that attackers like this will reach trusted cloud services from inside the network. Recommended actions:

Do Now

  1. Monitor network traffic: Baseline which hosts legitimately use Discord, Slack, and Microsoft 365 APIs, then alert on new host/service pairs, non-browser clients, regular beaconing intervals, and unusually large uploads to those services. Blocking the domains outright is rarely an option because they are used legitimately, so behavioural detection matters more than blocklists.
  2. Patch and harden systems: Apply updates promptly, restrict outbound traffic from servers to the destinations they actually need, and review account privileges so that a single infected workstation cannot reach the rest of the network.
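The monitoring step above, together with the abuse of Discord, Slack, and Microsoft 365 for C&C described under Tactics & Techniques, as an added example (this is not code from the original page, from ESET, or from The Hacker News): a small Python hunt over constructed proxy log lines. It assumes a simplified log format, an assumed list of API domains per service, and heuristics that are my own rather than indicators from the reporting: a non-browser User-Agent (a Go net/http client that never sets one sends "Go-http-client/1.1"; the page does not say whether GopherWhisper's tools do), near-constant request intervals, large POST bodies, and the absence of a historical baseline for the host/service pair.

```python
"""Hunt for possible C&C over legitimate SaaS in web-proxy logs (added example).

Heuristics are assumptions, not indicators from the reporting: non-browser
User-Agent to a chat/collaboration API, near-constant request intervals
(beaconing), large POST bodies, and no prior baseline for the host/service.
Log lines and the domain list are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime
import statistics

# Assumed API domains for the services the page names (not from the page).
SAAS_C2_DOMAINS = {
    "discord.com": "Discord",
    "slack.com": "Slack",
    "graph.microsoft.com": "Microsoft 365",
    "outlook.office.com": "Microsoft 365",
}
BROWSER_UA_MARKERS = ("Mozilla/", "Chrome/", "Safari/", "Firefox/", "Edg/")

# Constructed proxy log: "ts src method host path status bytes user_agent".
SAMPLE_LOG = """\
2025-01-14T08:00:00Z 10.20.1.15 GET discord.com /api/v10/channels/1/messages 200 512 Go-http-client/1.1
2025-01-14T08:01:00Z 10.20.1.15 GET discord.com /api/v10/channels/1/messages 200 498 Go-http-client/1.1
2025-01-14T08:02:00Z 10.20.1.15 GET discord.com /api/v10/channels/1/messages 200 503 Go-http-client/1.1
2025-01-14T08:03:00Z 10.20.1.15 POST discord.com /api/v10/channels/1/messages 200 20480 Go-http-client/1.1
2025-01-14T08:00:12Z 10.20.1.42 GET app.slack.com /messages/C123 200 8831 Mozilla/5.0 (Windows NT 10.0) Chrome/120.0
2025-01-14T08:17:40Z 10.20.1.42 GET app.slack.com /messages/C123 200 7710 Mozilla/5.0 (Windows NT 10.0) Chrome/120.0
2025-01-14T08:05:00Z 10.20.1.77 GET www.example.gov.mn /index.html 200 3200 Go-http-client/1.1
"""

def parse_log(text):
    """Parse proxy lines into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split(None, 7)          # user agent may contain spaces
        if len(parts) != 8:
            continue
        ts, src, method, host, path, status, nbytes, ua = parts
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "src": src,
            "method": method, "host": host.lower(), "path": path,
            "status": int(status), "bytes": int(nbytes), "ua": ua,
        })
    return records

def saas_service(host):
    """Service name if host is one of the abused SaaS domains or a subdomain."""
    for domain, service in SAAS_C2_DOMAINS.items():
        if host == domain or host.endswith("." + domain):
            return service
    return None

def is_browser_ua(ua):
    return any(marker in ua for marker in BROWSER_UA_MARKERS)

def looks_like_beacon(timestamps, max_cv=0.2, min_requests=4):
    """True when inter-request gaps are near-constant (low coeff. of variation)."""
    if len(timestamps) < min_requests:
        return False
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    return mean > 0 and statistics.pstdev(gaps) / mean <= max_cv

def find_suspicious(records, baseline=frozenset(), upload_bytes=10_000):
    """Group SaaS traffic per (src, service) and report pairs with >= 2 signals."""
    groups = defaultdict(list)
    for r in records:
        service = saas_service(r["host"])
        if service:
            groups[(r["src"], service)].append(r)

    findings = []
    for (src, service), reqs in sorted(groups.items()):
        reasons = []
        uas = sorted({r["ua"] for r in reqs})
        if not any(is_browser_ua(ua) for ua in uas):
            reasons.append("non-browser user agent: " + ", ".join(uas))
        if looks_like_beacon([r["ts"] for r in reqs]):
            reasons.append("regular request interval (beaconing)")
        posted = sum(r["bytes"] for r in reqs if r["method"] == "POST")
        if posted >= upload_bytes:
            reasons.append(f"{posted} bytes uploaded via POST")
        if (src, service) not in baseline:
            reasons.append("no prior baseline for this host/service pair")
        if len(reasons) >= 2:                # a single weak signal is noise
            findings.append({"src": src, "service": service, "reasons": reasons})
    return findings

if __name__ == "__main__":
    known = frozenset({("10.20.1.42", "Slack")})   # assumed historical baseline
    for f in find_suspicious(parse_log(SAMPLE_LOG), baseline=known):
        print(f"{f['src']} -> {f['service']}: " + "; ".join(f["reasons"]))
```

On the constructed sample, only 10.20.1.15 is reported: it talks to the Discord API with a Go default User-Agent, at a fixed 60-second interval, uploads a 20 KB POST, and has no baseline. The browser session from 10.20.1.42 to Slack is left alone, which is the point of requiring two independent signals; tune the thresholds to your own proxy data before relying on it.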

Conclusion

The emergence of GopherWhisper underlines the continuing risk from state-sponsored intrusions. Given the group's demonstrated ability to get into government systems and pull files out through services that are allowed almost everywhere, the potential for sensitive data compromise is significant. Continuous monitoring of how internal hosts use trusted cloud services, combined with proactive patching and hardening, is essential to reduce that risk.

🔒 Pro Insight

GopherWhisper's use of legitimate platforms for C&C follows a broader trend among APT groups toward abusing trusted cloud services. The traffic terminates at widely allowed domains over TLS, so blocklists and reputation-based controls see nothing unusual; detection has to rest on behaviour instead, such as which hosts talk to which service, how often, with what client, and how much they upload.
