A new malware, GoSerpent, has been identified targeting Southeast Asian governments and diplomats since late 2025 for espionage. Discovered by Kaspersky, it aims to gather intelligence through tools for credential dumping and data exfiltration, posing a significant threat to sensitive government operations.
GoSerpent malware was identified by cybersecurity researchers from Russian company Kaspersky in February 2026. It has been actively targeting government and diplomatic entities in Southeast Asia since late 2025. The malware focuses on long-term access to systems and relies on intelligence-gathering techniques.
GoSerpent contacts external servers to deploy secondary payloads for collecting sensitive data and credential dumping. It operates through encrypted command-line arguments and can set up SOCKS5 proxy servers to obscure the attacker's true location while accessing networks.
The malware incorporates various commands that allow it to alert the server of infections, manage listening ports, and facilitate both data uploading and downloading.
The threat actor using GoSerpent has shown adaptability, evolving its toolkit over time. Notable recent additions include the new Stowaway RAT and other tools designed for stealthy data exfiltration. This evolution underscores the malware's ongoing threat to the cybersecurity landscape.
The ongoing deployment of GoSerpent and similar malware highlights the vulnerabilities faced by government operations in Southeast Asia. Given its long-term access capabilities and data harvesting techniques, there is increased potential for significant breaches of sensitive information. For security professionals, this serves as a call to reinforce defenses against advanced persistent threats.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
A new malware, GoSerpent, has been identified targeting Southeast Asian governments and diplomats since late 2025 for espionage. Discovered by Kaspersky, it aims to gather intelligence through tools for credential dumping and data exfiltration, posing a significant threat to sensitive government operations.