VulnHub

Real-time Cybersecurity News

GopherWhisper: China-linked hackers target governments with custom Go toolkit

SCM feed for Latest
Actively Exploited
Critical

Overview

ESET researchers have uncovered a new hacking group known as GopherWhisper, which is linked to China and is targeting government entities. The attackers are using a custom toolkit primarily built in Go programming language, featuring multiple backdoors such as LaxGopher and RatGopher, as well as a C++ backdoor called SSLORDoor. This sophisticated approach allows them to maintain access and control over compromised systems. The implications of these attacks are significant, as they threaten sensitive government data and can disrupt critical operations. As these activities are ongoing, governments worldwide need to bolster their cybersecurity measures to defend against such targeted intrusions.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Government systems, particularly those targeted by GopherWhisper.
  • Action Required: Governments should implement enhanced security protocols, conduct regular security audits, and ensure that all systems are updated with the latest security patches.
  • Timeline: Newly disclosed

Original Article Summary

ESET research revealed GopherWhisper's tactics, which include deploying multiple Go-based backdoors like LaxGopher and RatGopher, along with a C++ backdoor named SSLORDoor.

Impact

Government systems, particularly those targeted by GopherWhisper.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Governments should implement enhanced security protocols, conduct regular security audits, and ensure that all systems are updated with the latest security patches.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Critical.

Read Original Article

Related Coverage

New ‘Pack2TheRoot’ flaw gives hackers root Linux access

BleepingComputer

A newly discovered vulnerability known as Pack2TheRoot poses a significant risk to Linux systems by allowing local users to gain root access through the PackageKit daemon. This flaw enables unauthorized users to install or remove system packages, potentially compromising the integrity of the system. The vulnerability could be exploited by anyone with local access to a vulnerable Linux machine, making it a concern for both individual users and organizations that rely on Linux environments. As the flaw can lead to full control over the system, it is crucial for affected users to take immediate action to mitigate risks and secure their systems. Researchers are urging users to monitor their systems closely until a patch is available.

Apr 24, 2026

Ransomware supply chain untangled by RAMP forum leak

SCM feed for Latest

The Russian dark web forum and ransomware network known as RAMP has experienced a significant data breach, revealing a trove of user records and activity logs. This leak exposed thousands of details about how the cybercrime community operates, potentially impacting many individuals and organizations involved in or targeted by ransomware activities. Security researchers have noted that the information could help law enforcement and cybersecurity experts better understand the tactics and networks used by cybercriminals. The breach raises concerns about the security of personal data and the ongoing threats posed by ransomware gangs. As these forums often serve as hubs for cybercriminal collaboration, this incident could have far-reaching implications for future ransomware attacks.

Apr 24, 2026

Over $700M in crypto, fake investment sites seized in US clampdown on Southeast Asian scam centers

SCM feed for Latest

The U.S. Scam Center Strike Force has conducted a significant operation, seizing over $700 million in cryptocurrency and shutting down more than 500 fraudulent investment websites linked to large-scale scams in Southeast Asia. These scams included romance fraud and 'pig butchering' schemes, where victims are manipulated into investing large sums of money. The operation aimed to dismantle these scam centers that have been exploiting individuals, often targeting vulnerable populations. By taking these steps, authorities hope to disrupt the financial networks that support such criminal activities and provide a deterrent to future scams. This action underscores the ongoing battle against cybercrime, particularly in regions where these scams have proliferated.

Apr 24, 2026

US, allies warn of industrialized Chinese botnets

SCM feed for Latest

The U.S., UK, and eight other allied nations have issued a warning regarding sophisticated cyber operations linked to Chinese state-sponsored groups. These operations involve the exploitation of hacked routers and Internet of Things (IoT) devices worldwide, forming extensive botnets. These botnets are being utilized for various malicious activities, including data theft and disruptive cyberattacks. The implications of this are significant, as they threaten critical infrastructure and sensitive data on a global scale. Organizations and individuals using vulnerable devices need to be particularly vigilant and take steps to secure their networks against these threats.

Apr 24, 2026

Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions

SecurityWeek

A malware known as 'Fast16' has been linked to ongoing cyber tensions between the US and Iran. This malware specifically targets high-precision calculation software, with the intent to manipulate results. Notably, it includes a self-propagation mechanism, which allows it to spread without user intervention. This discovery raises concerns about the potential for state-sponsored cyberattacks and the implications for critical infrastructure, particularly in sectors reliant on precision calculations. As the geopolitical landscape continues to evolve, understanding threats like Fast16 becomes crucial for organizations to safeguard their operations against cyber sabotage.

Apr 24, 2026

Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner

Security Affairs

Germany's Bundestag President Julia Klöckner was recently targeted in a phishing attack using the Signal messaging app. The attackers created a fake chat group that appeared to be associated with her political party, the CDU, in an attempt to deceive her. This incident highlights the vulnerabilities of even secure messaging platforms, showing that attackers can exploit them to gain access to personal or sensitive information. As political figures become more reliant on digital communication, the risk of such phishing attempts increases. It serves as a reminder for all users to remain vigilant about the authenticity of the contacts they interact with online.

Apr 24, 2026