SugarGh0st RAT Used to Target American Artificial Intelligence Experts

May 16, 2024, 10:31 a.m.

Description

This intelligence report provides details about a SugarGh0st RAT campaign conducted by an unattributed threat actor, tracked as UNK_SweetSpecter, targeting organizations in the United States involved in artificial intelligence (AI) efforts across academia, private industry, and government. The campaign employed phishing emails with AI-themed lures to deliver the customized Gh0stRAT variant. The objective was likely to obtain non-public information about generative AI, coinciding with recent reports of U.S. efforts to limit Chinese access to such technologies.

Date

  • Created: May 16, 2024, 10:07 a.m.
  • Published: May 16, 2024, 10:07 a.m.
  • Modified: May 16, 2024, 10:31 a.m.

Indicators


Attack Patterns

  • SugarGh0st RAT
  • UNK_SweetSpecter
  • T1564.003
  • T1059.001
  • T1547.001
  • T1059.007
  • T1071.001
  • T1562.001
  • T1105
  • T1566.001
  • T1027
  • T1072

Additional Information

  • Technology
  • Education
  • Government
  • United States of America