Researchers report new operation involving spies using upgraded Gh0st RAT

A new cyber espionage operation, dubbed SneakyChef by cybersecurity firm Cisco Talos, has been targeting foreign ministries and embassies across multiple countries. The threat actor behind the operation is using a modified version of the Gh0st RAT malware, known as SugarGh0st, which has ties to Chinese state-backed operations.

SugarGh0st is distributed through infected scanned documents that appear normal to the unsuspecting recipient. Cisco Talos first encountered this malware in November, initially without attributing it to a specific threat actor. While previously seen primarily in South Korea and Uzbekistan, the recent campaign has expanded its reach to foreign ministries and embassies in nine countries across Africa, the Middle East, Europe, and Asia.

The activity of the SneakyChef hackers dates back to at least August 2023, with the use of government-themed decoy documents as well as malicious conference registration forms and research paper abstracts. In May, Proofpoint researchers found that SugarGh0st was utilized in campaigns targeting US organizations involved in artificial intelligence efforts, spanning academia, private industry, and government services.

Gh0st RAT has been a notorious tool for state-sponsored threat actors for over a decade, used in attacks against diplomatic, political, economic, and military targets globally. The customized SugarGh0st variant enhances its reconnaissance capabilities, enabling the operators to search for specific keys and file extensions and to execute custom commands while evading detection.

Moreover, SugarGh0st can gather information about the victim’s machine, such as hostname, file system, logical drive, and operating system. It also has the ability to capture screenshots of the desktop and switch between multiple windows on the victim’s device. Cisco Talos has attributed the SneakyChef operation to China with medium confidence due to its utilization of Gh0st RAT, which is commonly associated with Chinese-speaking threat actors.

Overall, the discovery of this cyber espionage operation highlights the ongoing threat posed by sophisticated malware targeting sensitive government institutions and international organizations. It underscores the importance of robust cybersecurity measures and vigilance in detecting and thwarting malicious activities aimed at compromising sensitive information and undermining national security.

Article Source
https://therecord.media/cyber-espionage-gh0st-rat-sneakychef-SugarGh0st