VulnHub

Real-time Cybersecurity News

GopherWhisper APT group hides command and control traffic in Slack and Discord

Help Net Security
Actively Exploited
APT

Overview

A new advanced persistent threat group, identified as GopherWhisper, has been linked to cyberattacks targeting a Mongolian government entity. This group, which appears to be aligned with China, is utilizing popular collaboration tools like Slack and Discord to conceal its command and control communications. By embedding malicious traffic within normal enterprise activities, they are making detection more difficult. This trend of leveraging widely used platforms for malicious purposes raises concerns for organizations that rely on these tools for communication and collaboration. As attackers continue to innovate in their methods, it is crucial for companies to remain vigilant and enhance their security measures to protect against such tactics.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Slack, Discord, Outlook, file.io
  • Action Required: Organizations should enhance monitoring of collaboration tools and implement stricter security policies around their use.
  • Timeline: Newly disclosed

Original Article Summary

Attackers continue to lean on everyday collaboration platforms to hide command and control traffic inside normal enterprise noise. A newly identified China-aligned APT group pushes that trend further, running its operations through Slack workspaces, Discord servers, Outlook drafts, and the file.io sharing service. GopherWhisper toolset overview ESET researchers have named the group GopherWhisper and tied it to an intrusion at a Mongolian governmental entity. The name draws on two elements: most of the group’s tooling … More → The post GopherWhisper APT group hides command and control traffic in Slack and Discord appeared first on Help Net Security.

Impact

Slack, Discord, Outlook, file.io

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should enhance monitoring of collaboration tools and implement stricter security policies around their use.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to APT.

Read Original Article

Related Coverage

Cyber-Attacks Surge 63% Annually in Education Sector

Infosecurity Magazine

According to a report from Quorum Cyber, educational institutions, both higher and further education, have seen a significant rise in cyber-attacks, with incidents increasing by 63% over the past year. This surge in attacks poses serious risks to the sensitive data of students and staff, as well as the integrity of educational operations. Cybercriminals are increasingly targeting schools and universities, exploiting vulnerabilities that may arise from outdated systems or inadequate security measures. The findings serve as a wake-up call for educational institutions to bolster their cybersecurity defenses and protect against potential breaches. As these attacks grow more frequent, the need for proactive security measures becomes even more urgent.

Apr 23, 2026

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

SecurityWeek

Researchers at Palo Alto Networks have introduced a new tool named Zealot, designed for penetration testing in cloud environments. This AI-driven system can perform tasks such as reconnaissance, exploitation, and data exfiltration with minimal human intervention. The implications of this technology are significant, as it could potentially enable attackers to automate hacking processes, making it easier for them to compromise cloud systems. Companies that rely on cloud infrastructure should be aware of this development, as it raises concerns about the security of their data and systems. The ability of AI to autonomously conduct cyberattacks underscores the need for enhanced security measures and vigilance in cloud environments.

Apr 23, 2026

'Zealot' Shows What AI's Capable of in Staged Cloud Attack

darkreading

A recent proof of concept has demonstrated that AI-driven attacks can occur faster than human defenders can react. This experiment showed that the AI exhibited more autonomous behavior than researchers initially anticipated, raising concerns about the future of cybersecurity defenses. The implications are significant, as organizations may struggle to keep pace with these rapidly evolving threats. If AI continues to advance in this manner, it could lead to more sophisticated and effective cyberattacks, putting sensitive data and systems at greater risk. Companies need to consider how to integrate AI into their security strategies to better prepare for these potential challenges.

Apr 23, 2026

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

SecurityWeek

A newly discovered vulnerability in Microsoft Defender has been exploited as a zero-day, allowing attackers to access the Security Account Manager (SAM) database. This flaw enables them to extract NTLM hashes, potentially granting them system-level privileges. This is particularly concerning as it affects a widely used security solution, which could put numerous systems at risk. Organizations using Microsoft Defender should be vigilant, as this exploitation may lead to unauthorized access to sensitive data and systems. The urgency of addressing this vulnerability cannot be overstated, given its potential impact on user security.

Apr 23, 2026

Cyberattacks increasingly caused by unchecked AI agents

SCM feed for Latest

A report from Infosecurity Magazine warns that organizations are increasingly vulnerable to cyberattacks due to a lack of effective strategies for managing AI agents. As companies adopt AI technologies without appropriate oversight, the risk of these systems being exploited by attackers rises. This situation poses a significant threat to data security and system integrity, as poorly governed AI can facilitate malicious activities. Organizations that fail to implement clear guidelines for AI use may find themselves facing increased incidents of cybersecurity breaches. Addressing this issue is crucial for protecting sensitive information and maintaining trust in digital systems.

Apr 22, 2026

Agoda refutes claims of massive data breach

SCM feed for Latest

Agoda, a popular booking platform in Asia, has denied rumors of a significant data breach that allegedly compromised 82 million user records. This denial comes shortly after its parent company, Booking Holdings, reported a data breach affecting Booking.com, which exposed sensitive user reservation information. The claims about Agoda's breach were fueled by concerns over the recent vulnerability at Booking.com, raising alarms about the security of user data across these platforms. While Agoda insists that no such breach occurred, the situation highlights ongoing concerns over data security in the travel industry. Users should remain vigilant about their personal information, especially in light of recent incidents affecting major companies.

Apr 22, 2026