A newly discovered sophisticated cybercriminal campaign that uses the notorious SugarGh0st RAT targets companies involved in artificial intelligence development in the United States.
According to reports, this new campaign, launched in May 2024, is tracked as UNK_SweetSpecter. It uses a new variant of the SugarGh0st remote access trojan, previously associated with Chinese-speaking threat actors and now repurposed to target AI-related companies.
Researchers explained earlier this week that the attackers used a free email account to deliver AI-themed lures that encouraged recipients to download linked zip archives. This infection method follows a pattern similar to a previously detected campaign. The attackers also updated the registry key names used for persistence and switched to a new command-and-control server.
The SugarGh0st RAT has recently been vital to various targeted cybercriminal operations.
Investigations revealed that the UNK_SweetSpecter operators moved their C2 communications to a new domain, account.gommask[.]online, showing their adaptability in leveraging new malicious tooling such as the SugarGh0st RAT.
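Defenders who want to hunt for the reported C2 domain in their own DNS telemetry need to refang the published indicator and match it as a domain suffix rather than a plain substring, so that subdomains of the C2 are caught while unrelated look-alike names are not. The following is an added example written for this article, not code from the researchers' report; the log line format and every log entry are constructed for illustration.

```python
import re

# Defanged C2 domain as reported for the UNK_SweetSpecter campaign (from the article).
DEFANGED_C2 = "account.gommask[.]online"

def refang(indicator: str) -> str:
    """Turn a defanged indicator ("[.]", "hxxp") back into its real form for matching."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower().rstrip(".")

def domain_matches(queried: str, ioc_domain: str) -> bool:
    """True if the queried name equals the IoC or is a subdomain of it (label-aware, not substring)."""
    q = queried.lower().rstrip(".")
    return q == ioc_domain or q.endswith("." + ioc_domain)

# Constructed sample resolver log lines (hypothetical format: timestamp client qname qtype).
SAMPLE_DNS_LOG = """\
2024-05-15T09:12:01Z 10.1.4.22 www.example.com A
2024-05-15T09:12:07Z 10.1.4.22 account.gommask.online A
2024-05-15T09:12:09Z 10.1.4.31 cdn.gommask.online.evil-lookalike.test A
2024-05-15T09:13:44Z 10.1.4.22 api.account.gommask.online. A
2024-05-15T09:14:02Z 10.1.4.40 notgommask.online A
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def find_c2_lookups(log_text: str, defanged_iocs):
    """Return (timestamp, client, qname) for every lookup that resolves a listed C2 domain."""
    iocs = [refang(i) for i in defanged_iocs]
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole sweep
        ts, client, qname, _qtype = m.groups()
        if any(domain_matches(qname, ioc) for ioc in iocs):
            hits.append((ts, client, qname.rstrip(".").lower()))
    return hits

if __name__ == "__main__":
    for ts, client, qname in find_c2_lookups(SAMPLE_DNS_LOG, [DEFANGED_C2]):
        print(f"{ts} client={client} queried C2 domain {qname}")
```

Only the exact domain and its subdomain are reported; the look-alike and the name that merely contains the string are ignored, which keeps the hunt from flooding analysts with false positives.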
Researchers said this remote access trojan has been linked to several campaigns since its initial discovery, all of them highly focused operations. They also noted that the campaigns remain extremely targeted even though they do not rely on technically sophisticated malware or attack chains.
Furthermore, this newly discovered campaign appeared to target at least ten individuals, most of whom have a direct connection to a single leading US-based artificial intelligence organisation.
The researchers' initial attribution linked the campaign to Chinese-language operators, though there is no definitive evidence to support this. Still, the campaign's focus on AI professionals and its timing, which coincides with US-China tensions over access to AI technology, offer a plausible motive.
Researchers emphasised that if Chinese entities are restricted from accessing technologies that support AI development, China-backed threat actors may well target those with access to that information in order to acquire intelligence that would benefit their country.
AI-related companies in the United States should be cautious with their cybersecurity measures, as various threat actors, especially from countries interested in AI development, might conduct cybercriminal operations against them.