China-linked APT GopherWhisper Exploits Legitimate Services for Gov’t Hacking
China-Linked APT Group Abuses Legitimate Services for Governmental Attacks
In a recent discovery, researchers have identified a previously unknown Advanced Persistent Threat (APT) group linked to China, utilizing legitimate services for command-and-control (C&C) communication and data exfiltration.
Dubbed GopherWhisper by the research team, this APT group has been active since at least November 2023 and was first brought to light in January 2025, following the investigation into a Go-based backdoor discovered on the systems of a governmental entity in Mongolia.
The APT group primarily utilizes legitimate services such as Slack for C&C communication, allowing it to remain under the radar of traditional security measures.
Its arsenal includes a range of sophisticated tools:
- LaxGopher, a custom loader capable of executing commands via the command prompt, fetching and executing additional payloads, and exfiltrating victim data.
- JabGopher, a DLL injector designed to load the LaxGopher backdoor into the memory of a newly spawned instance of svchost.exe.
- CompactGopher, a file collector written in Go that can compress files from the command line and send them to the file.io file-sharing service using a public REST API.
- RatGopher, a Go-based backdoor that uses Discord for C&C communication, allowing it to open new instances of the command prompt and upload or download files.
The APT group’s tactics, techniques, and procedures (TTPs) demonstrate a high level of sophistication, indicating a significant investment of resources and expertise.
Their use of legitimate services makes it challenging for defenders to detect their activity, highlighting the importance of ongoing vigilance and adaptability in today’s threat landscape.
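As an added illustration that is not part of the original report, the following Python sketch flags two of the behaviours described above in Sysmon-style process and network events: svchost.exe spawned by anything other than services.exe (the injection host JabGopher is said to create), and connections to Slack, Discord or file.io from a process that is not an expected client. The event layout, the client allowlist and the sample events are constructed assumptions, not data from the investigation.

```python
"""Flag Sysmon-style events matching the GopherWhisper TTPs described above (constructed data)."""
from dataclasses import dataclass

# Legitimate services the report says the toolset abuses for C&C and exfiltration.
ABUSED_HOSTS = {"slack.com", "discord.com", "discordapp.com", "discord.gg", "file.io"}
# Processes from which traffic to those services is expected (assumed allowlist).
ALLOWED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "slack.exe", "discord.exe"}


@dataclass
class Event:
    event_id: int           # 1 = process creation, 3 = network connection (Sysmon numbering)
    image: str              # full path of the acting process
    parent_image: str = ""  # only meaningful for event_id 1
    dest_host: str = ""     # only meaningful for event_id 3


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _is_abused_host(host: str) -> bool:
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in ABUSED_HOSTS)


def check_event(ev: Event):
    """Return a finding string, or None if the event looks benign."""
    if ev.event_id == 1 and _basename(ev.image) == "svchost.exe" \
            and _basename(ev.parent_image) != "services.exe":
        return f"svchost.exe spawned by {ev.parent_image} (possible injection host)"
    if ev.event_id == 3 and _is_abused_host(ev.dest_host) \
            and _basename(ev.image) not in ALLOWED_CLIENTS:
        return f"{ev.image} -> {ev.dest_host} (legitimate service used by unexpected process)"
    return None


def scan(events):
    return [f for f in map(check_event, events) if f]


SAMPLE_EVENTS = [  # constructed sample telemetry, not from the actual incident
    Event(1, r"C:\Windows\System32\svchost.exe", parent_image=r"C:\Windows\System32\services.exe"),
    Event(1, r"C:\Windows\System32\svchost.exe", parent_image=r"C:\Users\Public\update.exe"),
    Event(3, r"C:\Program Files\Slack\slack.exe", dest_host="slack.com"),
    Event(3, r"C:\Users\Public\collect.exe", dest_host="file.io"),
    Event(3, r"C:\Users\Public\rat.exe", dest_host="gateway.discord.gg"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print("ALERT:", finding)
```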
In total, the APT group has infected approximately 12 systems within the victimized Mongolian governmental institution, with dozens of other potential targets likely affected as well.
Due to the distinct nature of the group’s TTPs and targeting, researchers have chosen to attribute the described toolset to a new APT group, dubbed GopherWhisper.
This development underscores the evolving nature of cyber threats and the need for continued innovation and cooperation among security professionals to stay ahead of emerging threats.
As the threat landscape continues to evolve, it is essential for organizations to remain vigilant and proactive in their security efforts, leveraging the latest technologies and best practices to protect themselves against ever-changing threats like GopherWhisper.