Data Security, Malware, Threat Intelligence

GopherWhisper: China-linked hackers target governments with custom Go toolkit


Bleeping Computer reports that a sophisticated state-backed threat actor, identified as GopherWhisper, has been actively targeting government entities since at least 2023. This group, believed to be linked to China, employs a custom toolkit written in the Go programming language and utilizes legitimate services for its malicious operations.

ESET research revealed GopherWhisper's tactics, which include deploying multiple Go-based backdoors like LaxGopher and RatGopher, along with a C++ backdoor named SSLORDoor. These tools leverage popular platforms such as Microsoft 365 Outlook, Slack, and Discord for command-and-control (C2) communication. The attackers also utilize a custom tool, CompactGopher, to compress and exfiltrate stolen data to file-sharing services like File.io. In one identified campaign, a Mongolian government entity was targeted, with dozens of other victims suspected based on C2 traffic analysis.

Source: Bleeping Computer
