China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks
Dubbed GopherWhisper, the group relies on multiple Go-based backdoors alongside custom loaders and injectors. The post China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks appeared first on SecurityWeek.
A newly uncovered APT is relying on legitimate services for command-and-control (C&C) communication and data exfiltration, ESET warns.
Tracked as GopherWhisper and active since at least November 2023, the hacking group is operating out of China, as timestamp inspection of chat messages and emails has revealed.
The APT came into the spotlight in January 2025, during the investigation into a Go-based backdoor found on the systems of a governmental entity in Mongolia, which led to the identification of several other backdoors, custom loaders, and injectors associated with the group.
