Unwary Chinese Hackers Hardcoded Credentials into Backdoors
Eset researchers discovered a previously undetected Chinese nation-state threat actor, dubbed GopherWhisper, which used hardcoded credentials in backdoors written in the Go programming language. The hackers used Slack, Discord, and Microsoft Office accounts for command and control, leaving behind logs that revealed their activities and environment.
Eset researchers discovered a Chinese nation-state threat actor, GopherWhisper, using Go-based malware. The hackers hardcoded command-and-control credentials into backdoors, which were used to infect a Mongolian government agency in August 2024. GopherWhisper used Slack, Discord, and Microsoft Office accounts for command and control, and file.io for data exfiltration. Researchers found source code for two custom backdoors, RatGopher and LaxGopher, on a Discord channel and in GitHub repositories. The threat actor's carelessness in leaving logs uncleaned allowed Eset to uncover its activities and environment. GopherWhisper's tactics resemble those of other Chinese cyberespionage groups, but its code and procedures are distinct.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.