Network Security, Malware

Novel RATs leveraged in global Chinese cyberespionage campaign


Chinese threat operation SneakyChef has been deploying the new Gh0st malware variant dubbed "SugarGh0st" in attacks against government agencies across Asia, Europe, the Middle East, and Africa as part of a cyberespionage campaign that has been ongoing since August, The Hacker News reports.

Numerous countries' foreign affairs ministries and embassies were particularly targeted by the attacks, which facilitate malware execution through RAR archive-embedded Windows LNK files and a self-extracting RAR archive with a Visual Basic Script, according to a Cisco Talos analysis. Meanwhile, intrusions against Angola were discovered to involve phishing lures delivering the SpiceRAT trojan through DLL side-loading techniques. "With the capability to download and run executable binaries and arbitrary commands, SpiceRAT significantly increases the attack surface on the victim's network, paving the way for further attacks," said Cisco Talos researchers, who also confirmed the association between SneakyChef and Operation Diplomatic Specter, which Palo Alto Networks Unit 42 researchers reported to have been underway since late 2022.
