APT & Nation-StateBleeping Computer
8.5 — CRITICAL
New GopherWhisper APT group abuses Outlook, Slack, Discord for comms
A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
GopherWhisper, a state-backed threat actor, has been linked to China and is using legitimate services like Outlook, Slack, and Discord for comms in attacks against government entities since at least 2023.
⚙️Technical Details
Affected Systems
Mongolian government institution
Attack Vectors
Microsoft Graph APISlackDiscordFile.io file-sharing service
💥Impact Assessment
Severity: High
Who Is at Risk
Government entities in Mongolia and potentially others
🛡️Recommended Actions
1Monitor legitimate services for suspicious activity
2Implement strict access controls on Microsoft Graph API
3Regularly scan systems for signs of GopherWhisper backdoors
📦Affected Products
Microsoft OutlookSlackDiscord
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.