Signal
China-linked GopherWhisper targets Mongolian government with Go-based backdoors
Published 2026-04-23 09:04 UTC · Updated 2026-04-23 16:03 UTC
cve · exploits · threat_actors · malware · incident_response · security_policy
Overview
A China-aligned advanced persistent threat group named GopherWhisper has infected at least 12 Mongolian government systems using a variety of Go-based backdoors. Discovered by ESET researchers, the group has been active since late 2023 and employs injectors and loaders to deploy malware.
Score total: 1.28
Momentum 24h: 4
Posts: 4
Origins: 4
Source types: 1
Duplicate ratio: 0%
Why now
- GopherWhisper’s activity was discovered recently, revealing new malware and tactics.
- Hardcoded credentials leak provides rare insight into attacker infrastructure and communications.
- Concurrent reports of Harvester group attacks underline persistent regional cyber threats.
Why it matters
- Highlights ongoing China-linked cyberespionage targeting government institutions in Mongolia.
- Exposes operational security flaws in threat actor malware, aiding defenders.
- Shows continued use of advanced stealth techniques in state-sponsored attacks across Asia.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: medium
Recurring claims
- GopherWhisper has infected at least 12 Mongolian government systems using Go-based backdoors.
- The group used Slack and Discord for covert communications and left hardcoded credentials in malware, exposing internal operations.
- The Harvester group targets South Asian government and telecom sectors with Linux backdoors abusing Microsoft Graph API.
How sources frame it
- The Hacker News: neutral
Consolidated recent findings on China-linked cyberespionage against Mongolia, emphasizing malware details and operational security lapses.
All evidence
China-linked hackers targeted Mongolian government using Slack, Discord for covert communications
The Record (Recorded Future News) · therecord.media · 2026-04-23 16:03 UTC
GoGra backdoor targets Linux, abuses Microsoft Graph API for stealthy attacks
SC Media · scworld.com · 2026-04-23 13:40 UTC
Unwary Chinese Hackers Hardcoded Credentials into Backdoors
BankInfoSecurity · bankinfosecurity.com · 2026-04-23 09:38 UTC
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
thehackernews · thehackernews.com · 2026-04-23 09:04 UTC
Top publishers (this list)
- The Record (Recorded Future News) (1)
- SC Media (1)
- BankInfoSecurity (1)
- thehackernews (1)
Top origin domains (this list)
- therecord.media (1)
- scworld.com (1)
- bankinfosecurity.com (1)
- thehackernews.com (1)