VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

GopherWhisper compromised 12 Mongolian government systems: Go backdoors and C2 via Discord/Slack

GopherWhisper заразил 12 монгольских госсистем: Go‑бекдоры и C2 через Discord/Slack

Colleagues, attention in cybersecurity: the China‑linked group GopherWhisper compromised 12 Mongolian government systems.

- ESET identified a Go toolset (LaxGopher, RatGopher, CompactGopher), a C++ backdoor (SSLORDoor), and loaders.
- Operators leverage Slack, Discord, Microsoft 365 (Graph) and file.io for C2 and exfiltration; activity timings align with China time zones.
- Initial access is unclear; after persistence they deploy injectors, file collectors, and encrypt archives prior to leakage.

Why it matters: reliance on legitimate services and widespread Go tooling complicate detection and response.

What will you change in email and messenger defenses?

#cybersecurity #APT #threats #incidents

Latest comments

No comments yet.