GopherWhisper compromised 12 Mongolian government systems: Go backdoors and C2 via Discord/Slack

Colleagues, a cybersecurity heads-up: the China-linked group GopherWhisper compromised 12 Mongolian government systems.
- ESET identified a Go toolset (LaxGopher, RatGopher, CompactGopher), a C++ backdoor (SSLORDoor), and loaders.
- Operators leverage Slack, Discord, Microsoft 365 (Graph) and file.io for C2 and exfiltration; activity timings align with China time zones.
- Initial access is unclear; after establishing persistence, they deploy injectors and file collectors, and encrypt archives before exfiltration.
Why it matters: reliance on legitimate services and widespread Go tooling complicate detection and response.
What will you change in email and messenger defenses?
#cybersecurity #APT #threats #incidents
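
One way to start on the detection problem raised above, as an added example that is not from the post or from ESET: flag processes that talk to Slack, Discord, Microsoft Graph or file.io but are not an expected client for that service. The log format, host names, process names and the allowlist are constructed assumptions; adapt them to your proxy or EDR telemetry.

```python
import csv
import io
import ntpath
from collections import defaultdict

# Hosts of the services named in the post (subdomains are matched too).
SERVICE_HOSTS = {"slack.com": "Slack", "discord.com": "Discord",
                 "graph.microsoft.com": "Microsoft Graph", "file.io": "file.io"}

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Assumption: per-service allowlist of expected client binaries; tune per estate.
EXPECTED = {"Slack": BROWSERS | {"slack.exe"},
            "Discord": BROWSERS | {"discord.exe"},
            "Microsoft Graph": BROWSERS | {"outlook.exe", "teams.exe"},
            "file.io": BROWSERS}

# Constructed sample: timestamp,host,process path,destination,bytes sent
SAMPLE_LOG = r"""2025-01-10T02:14:07Z,WS-014,C:\Program Files\Slack\slack.exe,slack.com,1820
2025-01-10T02:14:09Z,SRV-DB2,C:\ProgramData\upd\svcmon.exe,slack.com,912
2025-01-10T02:15:30Z,SRV-DB2,C:\ProgramData\upd\svcmon.exe,file.io,48211004
2025-01-10T02:16:02Z,WS-014,C:\Program Files\Google\Chrome\Application\chrome.exe,discord.com,3300
2025-01-10T02:18:10Z,WS-022,C:\Users\a\AppData\Local\Temp\wh.exe,discord.com,640
2025-01-10T02:19:00Z,WS-031,C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,graph.microsoft.com,5120
2025-01-10T02:19:30Z,WS-031,C:\Program Files\Mozilla Firefox\firefox.exe,notslack.com,100"""

def service_for(dest):
    """Map a destination host to a service, matching only on label boundaries."""
    dest = dest.lower().rstrip(".")
    for suffix, name in SERVICE_HOSTS.items():
        if dest == suffix or dest.endswith("." + suffix):
            return name
    return None

def hunt(log_text):
    """Return {(host, process, service): bytes_out} for unexpected clients."""
    hits = defaultdict(int)
    for _ts, host, path, dest, sent in csv.reader(io.StringIO(log_text.strip())):
        service = service_for(dest)
        proc = ntpath.basename(path).lower()  # Windows path, any platform
        if service and proc not in EXPECTED[service]:
            hits[(host, proc, service)] += int(sent)
    return dict(hits)

if __name__ == "__main__":
    for (host, proc, service), sent in sorted(hunt(SAMPLE_LOG).items()):
        print(f"{host}: {proc} -> {service} ({sent} bytes out)")
```

Matching on the binary name alone is easy to evade by renaming, so in practice pair it with the signer or file hash from your EDR and with the host role (a database server has no reason to reach Slack at all).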

