Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
GoSerpent Malware Targets Southeast Asian Governments

GoSerpent Malware Targets Southeast Asian Governments

Posted on July 17, 2026 By CWS

Recently, cybersecurity experts identified a new malware, GoSerpent, actively targeting government and diplomatic organizations in Southeast Asia. This malware has been in use since late 2025 and aims to maintain prolonged access to collect intelligence.

Targeted Cyber Attacks in Southeast Asia

According to Kaspersky, the Russian cybersecurity firm that discovered GoSerpent in February 2026, the malware primarily targets governmental and diplomatic entities. It operates by connecting to external servers, deploying secondary payloads to collect data, and capturing credentials from affected systems.

In May 2026, the threat actors behind GoSerpent introduced new tools. These included the Stowaway RAT and a proxy tool that evolved from the initial malware. A sophisticated method to stealthily extract sensitive data over network shares was also uncovered.

Technical Details and Capabilities

The ultimate goal of GoSerpent is to gather and exfiltrate sensitive files using a data collection tool named ThumbcacheService. The malware also employs credential dumping tools to facilitate data extraction through shared network drives. Earlier versions of this Go-based implant have been used since 2021, with updates occurring as recently as this year.

GoSerpent is capable of receiving encrypted command-line arguments containing command-and-control (C2) server addresses and passwords. Once decrypted, it establishes an encrypted connection with the C2 server, using the SHA256 hash of the password as the encryption key.

Advanced Threat Actor Techniques

The malware can execute various commands, such as alerting the server of infections, opening and closing ports, connecting to remote servers, and more. It can establish SOCKS5 proxy servers, allowing attackers to disguise their IP addresses while accessing other networks.

Additional tools used in these attacks include McMx RAT, a lightweight variant of GoSerpent, and Mimikatz for extracting credential material from the Local Security Authority Subsystem Service (LSASS). In May 2026, attackers returned to compromised systems to deploy further tools, such as Stowaway and TmcLoader.

Implications and Future Outlook

The strategic deployment of various tools with advanced data collection and exfiltration capabilities is concerning, as noted by Kaspersky. The campaign shows technical overlap with TetrisPhantom, a previously documented threat actor targeting government bodies in the Asia-Pacific region.

As cyber threats continue to evolve, organizations in Southeast Asia need to bolster their cybersecurity measures to protect sensitive information from sophisticated attacks like those orchestrated by GoSerpent.

The Hacker News Tags:APT groups, cyber espionage, cyber threats, Cybersecurity, data exfiltration, digital security, Diplomats, GoSerpent, government attacks, Kaspersky, Malware, network security, remote access trojan, Southeast Asia, threat intelligence

Post navigation

Previous Post: New ClickLock Malware Threatens macOS Security
Next Post: Beacon Security Secures $13M Funding for Data Platform

Related Posts

Old Microsoft UEFI Shims Pose Secure Boot Risk Old Microsoft UEFI Shims Pose Secure Boot Risk The Hacker News
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto The Hacker News
Deepfake Defense in the Age of AI Deepfake Defense in the Age of AI The Hacker News
APT28 Exploits MSHTML Vulnerability Before February 2026 Patch APT28 Exploits MSHTML Vulnerability Before February 2026 Patch The Hacker News
Gitea Security Flaw Risks Private Container Images Gitea Security Flaw Risks Private Container Images The Hacker News
XRING Flaw in XQUIC Poses Risk to HTTP/3 Servers XRING Flaw in XQUIC Poses Risk to HTTP/3 Servers The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • CISA Alerts on Critical SharePoint Vulnerability Exploitation
  • Beacon Security Secures $13M Funding for Data Platform
  • GoSerpent Malware Targets Southeast Asian Governments
  • New ClickLock Malware Threatens macOS Security
  • ACR Stealer Exploits ClickFix to Access Sensitive Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • CISA Alerts on Critical SharePoint Vulnerability Exploitation
  • Beacon Security Secures $13M Funding for Data Platform
  • GoSerpent Malware Targets Southeast Asian Governments
  • New ClickLock Malware Threatens macOS Security
  • ACR Stealer Exploits ClickFix to Access Sensitive Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark