GoSerpent RAT Targets Southeast Asian Governments for Espionage

GoSerpent RAT Targets Southeast Asian Governments for Espionage

First seen 17 Jul 2026, 10:24 UTC SecurelistGbhackersThehackernews 75% similarity 72.5

Article Content

Browse articles
ThreatCluster

A cyber espionage campaign utilizing the GoSerpent remote access Trojan (RAT) has been targeting government and diplomatic entities in Southeast Asia since late 2025. The attackers have employed sophisticated data collection techniques, including credential dumping and the use of proxy tools, to exfiltrate sensitive documents. The GoSerpent malware, first identified in February 2026, has evolved to include new variants that enhance its stealth and capabilities. The initial phase of the attacks involved deploying the GoSerpent backdoor, which communicates with command-and-control servers using advanced encryption methods. The attackers have been able to collect and store sensitive files for weeks before exfiltrating them through network shares. The ongoing threat has raised significant concerns among cybersecurity professionals due to its strategic targeting and advanced techniques. The campaign highlights the persistent risks faced by governmental organizations in the region.

Key Points: • GoSerpent RAT has targeted Southeast Asian government and diplomatic entities since late 2025. • The malware employs sophisticated data collection and credential dumping techniques. • Recent variants of GoSerpent enhance stealth and capabilities for prolonged espionage.

ThreatCluster AI

Timeline

2025-12-01
Initial GoSerpent activities detected
Malicious activities using the GoSerpent RAT began targeting Southeast Asian governments.
Securelist
2026-02-01
GoSerpent identified by researchers
Cybersecurity researchers first identified the GoSerpent RAT and its capabilities in February 2026.
Gbhackers
2026-05-01
Evolved GoSerpent tools deployed
The threat actor deployed new variants of GoSerpent, including the Stowaway RAT and additional exfiltration tools.
Securelist
2026-07-16
Securelist publishes findings
Securelist published detailed analysis of the GoSerpent RAT and its operational methods targeting Southeast Asia.
Securelist
2026-07-17
Gbhackers report on GoSerpent
Gbhackers reported on the ongoing cyber espionage campaign and its impact on government files.
Gbhackers

Community

Browse all →