GoSerpent Backdoor Steals Sensitive Data from Southeast Asian Governments

GoSerpent Backdoor Steals Sensitive Data from Southeast Asian Governments

First seen 17 Jul 2026, 10:24 UTC SecurelistGbhackersThehackernewsTechtimesvoi.id+1 83% similarity 72.0

Article Content

Browse articles
ThreatCluster

A cyber espionage campaign utilizing the GoSerpent backdoor has infiltrated government networks in Southeast Asia for over five years, harvesting sensitive police and biometric data. The operation, revealed by Kaspersky's GReAT, involved the use of a sophisticated remote access Trojan (RAT) that disguised its data exfiltration as legitimate internal traffic. The attackers employed stolen credentials to access and transfer data without raising alarms. The GoSerpent malware, which has evolved since its initial deployment in 2021, now includes advanced encryption methods and additional tools for stealthy data collection. The campaign's persistence and sophistication highlight significant vulnerabilities in governmental cybersecurity measures across the region. The latest variant was actively used in attacks that began in late 2025 and continued into 2026.

Key Points: • GoSerpent has been active since at least 2021, targeting Southeast Asian governments. • The malware uses stolen credentials to exfiltrate data without triggering security alerts. • Recent variants of GoSerpent include advanced encryption and additional stealth tools.

ThreatCluster AI

Timeline

2021-01-01
Initial deployment of GoSerpent malware
The first version of GoSerpent was identified targeting Southeast Asian entities with simpler code.
Securelist
2025-01-01
Ongoing malicious activities detected
Malicious activities linked to GoSerpent were discovered, indicating a prolonged campaign against government networks.
Securelist
2026-02-01
Research on GoSerpent's activities published
Kaspersky's GReAT published findings on the sophisticated espionage campaign using GoSerpent.
Techtimes
2026-05-01
Evolved malicious tools deployed
The threat actor updated their toolset, deploying new RAT and proxy tools alongside GoSerpent.
Securelist
2026-07-17
GoSerpent campaign disclosed
Kaspersky disclosed the full technical breakdown of the GoSerpent backdoor and its operations.
Techtimes

Community

Browse all →