Dangerous new GoSerpent malware is apparently on the hunt for government secrets
- Kaspersky uncovers GoSerpent, a long‑running campaign on Southeast Asian government systems using a backdoor, RAT (Stowaway), and exfiltration tool (TmcLoader)
- Attackers showed extreme patience, waiting weeks before deploying secondary tools to evade detection and outlast log retention policies
- Attribution remains uncertain, but overlaps with past TetrisPhantom operations; defenders are urged to review shared IoCs to detect compromise
Security researchers Kaspersky discovered a five-year-old piece of malware that’s been hiding on government computers in the Southeast Asian region, harvesting secrets and other actionable intelligence.
The company analyzed a campaign called GoSerpent, which comprises of a backdoor of the same name, a Remote Access Trojan (RAT) called Stowaway, and a two-stage data exfiltration tool called TmcLoader.
The backdoor was first used in 2021, it was said, meaning it was successfully hiding for half a decade. This was achieved, among other things, with plenty of patience and careful planning.
TetrisPhantom
“What stands out...
Copyright of this story solely belongs to techradar.com. To see the full text click HERE