China-Linked APT Group GopherWhisper Exploits Legitimate Services in Government Cyber Attacks
A newly identified advanced persistent threat (APT) group, known as GopherWhisper, has been exploiting legitimate services for command-and-control (C&C) communication and data exfiltration in cyber attacks targeting government entities. According to cybersecurity firm ESET, GopherWhisper has been active since at least November 2023 and is believed to be operating out of China. The group first came to attention in January 2025 during an investigation into a Go-based backdoor found on the systems of a governmental entity in Mongolia. This investigation led to the discovery of several other backdoors, custom loaders, and injectors associated with the group. GopherWhisper uses various tools, including LaxGopher, which uses Slack for C&C communication, and RatGopher, which employs Discord for similar purposes. The group has also developed a C++ backdoor called SSLORDoor, which uses OpenSSL BIO for communication. These tools allow the group to execute commands, exfiltrate data, and manipulate files on...