
"GopherWhisper, tracked as an APT since November 2023, is operating out of China and primarily targets governmental entities, utilizing legitimate services for its operations."
"LaxGopher, a backdoor used by GopherWhisper, employs Slack for command-and-control communication, enabling it to execute commands and exfiltrate victim data."
"RatGopher, another tool in GopherWhisper's arsenal, uses Discord for command-and-control communication and can upload or download files from file.io."
"The investigation revealed additional tools like SSLORDoor, which uses OpenSSL BIO for communication, and BoxOfFriends, which relies on the Microsoft Graph API."
GopherWhisper, an APT tracked since November 2023, operates from China and uses legitimate services such as Slack and Discord for command-and-control communication. The group was highlighted during an investigation into a Go-based backdoor found at a Mongolian governmental entity. Key tools include LaxGopher, which executes commands and exfiltrates data, and RatGopher, which also facilitates file transfers. Additional tools such as SSLORDoor and BoxOfFriends further extend the group's capabilities, allowing for extensive manipulation and communication through various channels.
Read at SecurityWeek