Securelist
GoSerpent RAT Targets Southeast Asian Governments for Espionage
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A cyber espionage campaign utilizing the GoSerpent remote access Trojan (RAT) has been targeting government and diplomatic entities in Southeast Asia since late 2025. The attackers have employed sophisticated data collection techniques, including credential dumping and the use of proxy tools, to exfiltrate sensitive documents. The GoSerpent malware, first identified in February 2026, has evolved to include new variants that enhance its stealth and capabilities. The initial phase of the attacks involved deploying the GoSerpent backdoor, which communicates with command-and-control servers using advanced encryption methods. The attackers have been able to collect and store sensitive files for weeks before exfiltrating them through network shares. The ongoing threat has raised significant concerns among cybersecurity professionals due to its strategic targeting and advanced techniques. The campaign highlights the persistent risks faced by governmental organizations in the region.
Key Points: • GoSerpent RAT has targeted Southeast Asian government and diplomatic entities since late 2025. • The malware employs sophisticated data collection and credential dumping techniques. • Recent variants of GoSerpent enhance stealth and capabilities for prolonged espionage.