· 1 min read

Breaking: New GopherWhisper APT Abuses Outlook, Slack, Discord for Espionage

New state-backed APT GopherWhisper discovered using Go-based toolkit and legitimate platforms (Outlook, Slack, Discord) to target government entities.

Breaking News — April 23, 2026

A previously undocumented state-backed threat actor named GopherWhisper has been discovered using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities.

Key Findings

  • Threat Actor: GopherWhisper (previously undocumented)
  • Toolkit: Go-based custom malware
  • Communication channels: Microsoft 365 Outlook, Slack, Discord
  • Targets: Government entities
  • Attribution: State-backed APT

Tactics

By abusing legitimate communication platforms, GopherWhisper blends in with normal traffic, making detection extremely difficult. The use of everyday business tools for command-and-control is a growing trend among sophisticated threat actors.

The Go-based toolkit suggests a well-resourced operation with custom development capabilities.

Source: BleepingComputer

More from the Blog

Breaking: UK Warns of Chinese Hackers Using Hijacked Consumer Device Botnets

NCSC-UK warns China-linked hackers are using botnets of hijacked home routers and smart devices to hide malicious activity and evade detection.

Read more

Breaking: CISA Orders Federal Agencies to Patch Microsoft Defender Zero-Day (BlueHammer)

CISA issues emergency directive for federal agencies to patch Microsoft Defender zero-day flaw BlueHammer, actively exploited in the wild.

Read more