New GopherWhisper APT group abuses Outlook, Slack, Discord for comms
Summary
A new state-backed threat actor, dubbed GopherWhisper, has emerged using a custom Go-based toolkit to target government entities. The group uses legitimate communication platforms such as Microsoft 365 Outlook, Slack, and Discord for command and control, which makes its activity harder to detect.
IFF Assessment
The emergence of a new, sophisticated APT group that effectively uses legitimate services for covert operations presents a significant challenge for defenders.
Defender Context
Defenders should be aware of advanced persistent threats (APTs) that blend in with normal network traffic by using cloud-based collaboration tools for command and control. Monitoring for unusual outbound connections to these services and for data exfiltration patterns through them, even when the traffic appears legitimate, is crucial.
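
One way to act on this monitoring advice, as an added example that is not part of the original write-up: a Python check over proxy or EDR connection records that flags processes other than the expected clients reaching Slack, Discord or Microsoft 365 endpoints, and unusually large uploads to them. The log format, service hostnames, process allowlist and byte threshold are assumptions to adapt locally; the sample records are constructed.

```python
import csv
import io

# Assumption: well-known public hostnames for the three services named above.
SERVICE_SUFFIXES = {
    "slack": ("slack.com",),
    "discord": ("discord.com", "discordapp.com"),
    "outlook": ("graph.microsoft.com", "outlook.office365.com", "outlook.office.com"),
}
# Assumption: processes this hypothetical organisation expects to reach each service.
EXPECTED_CLIENTS = {
    "slack": {"slack.exe", "chrome.exe", "msedge.exe"},
    "discord": set(),  # Discord is not sanctioned here, so every client is unexpected
    "outlook": {"outlook.exe", "chrome.exe", "msedge.exe"},
}
UPLOAD_LIMIT = 50_000_000  # bytes per host/process/service; tune to your baseline

# Constructed sample telemetry: host,process,dest_host,bytes_out
SAMPLE_LOG = """\
ws-014,slack.exe,wss-primary.slack.com,18234
ws-014,outlook.exe,outlook.office365.com,90211
srv-db02,svchelper.exe,slack.com,4096
srv-db02,svchelper.exe,discord.com,2048
ws-031,chrome.exe,graph.microsoft.com,73400320
ws-031,chrome.exe,notslack.com,500
"""

def classify(dest):
    """Map a destination host to a service; match on label boundaries only."""
    dest = dest.lower().rstrip(".")
    for service, suffixes in SERVICE_SUFFIXES.items():
        if any(dest == s or dest.endswith("." + s) for s in suffixes):
            return service
    return None

def find_anomalies(log_text):
    """Return sorted (host, process, service, reason) tuples worth triaging."""
    totals, findings = {}, set()
    for host, proc, dest, sent in csv.reader(io.StringIO(log_text)):
        service = classify(dest)
        if service is None:
            continue
        key = (host, proc.lower(), service)
        totals[key] = totals.get(key, 0) + int(sent)
        if proc.lower() not in EXPECTED_CLIENTS[service]:
            findings.add(key + ("unexpected_process",))
    for key, total in totals.items():
        if total > UPLOAD_LIMIT:
            findings.add(key + ("high_upload_volume",))
    return sorted(findings)
```

Calling `find_anomalies(SAMPLE_LOG)` flags the server-side helper process talking to Slack and Discord and the oversized browser upload to Microsoft Graph, while the lookalike host `notslack.com` is left unclassified.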