An advanced persistent threat (APT) group linked to China, known as GopherWhisper, has compromised 12 government systems in Mongolia. According to cybersecurity firm ESET, the attackers infected the systems with backdoors written in the Go programming language, using an arsenal of injectors and loaders to maintain access.
Technical arsenal: injectors and loaders in Go 🛠️
GopherWhisper's toolkit is written in Go, a compiled language that makes it easy to build cross-platform binaries and complicates static analysis. The injectors insert malicious code into legitimate processes, while the loaders download and execute additional backdoors. This combination lets the attackers evade initial detection and maintain persistence on compromised systems without raising immediate suspicion.
Gophers hungry for government data 🐹
It seems that Mongolia's gophers (marmots) not only dig tunnels, but now also drill through firewalls. GopherWhisper demonstrates that if you want to spy on governments, it's better to do it with a modern and efficient language. Forget old Perl scripts; state espionage is now done with Go, which at least compiles quickly while you steal classified documents.