North Korean hackers are targeting pharmaceutical firms with malware hidden in fake Excel files, using advanced spear-phishing and PowerShell scripts to steal sensitive data and evade detection.
GopherWhisper, a China-linked APT, is using legitimate platforms such as Slack and Discord to carry out stealthy attacks on government networks. Investigators uncovered a sophisticated toolkit designed to blend in with everyday traffic, making detection extremely challenging.
A newly discovered Chinese APT group, GopherWhisper, weaponized trusted platforms like Discord, Slack, and Outlook for sophisticated cyber-espionage. ESET's rare inside look reveals how attackers exploited everyday services to steal data and evade detection.
GopherWhisper, a newly discovered Chinese-linked APT, is hijacking Outlook, Slack, and Discord to run stealthy cyber-espionage campaigns against government targets. Learn how their Go-based toolkit hides in plain sight and what defenders need to know.
An advanced China-linked hacking group, GopherWhisper, has infected Mongolian government systems with Go-based malware, using popular cloud platforms for stealthy command-and-control and data theft.
Tropic Trooper’s 2026 campaign weaponized trusted tools like SumatraPDF, GitHub, and VS Code tunnels for stealthy espionage in East Asia, making detection a formidable challenge for defenders.
Tropic Trooper’s new espionage campaign uses hijacked PDF readers and developer tools—including GitHub and VS Code tunnels—to infiltrate targets in East Asia while erasing digital traces in real time.
A new Linux backdoor deployed by the Harvester group is targeting South Asian entities, using Microsoft Graph API and Outlook mailboxes as covert command channels to evade detection and steal sensitive data.
A new variant of LOTUSLITE malware, deployed by the China-linked Mustang Panda group, is targeting Indian banks and South Korean policy circles. This investigative feature breaks down the tactics, technical details, and wider implications of the ongoing cyber-espionage campaign.
APT37 is using Facebook and Telegram to lure defense sector targets into downloading trojanized software, enabling covert data theft via cloud services. Their evolving tactics blend social engineering with technical stealth, making detection harder than ever.