A China-linked APT that uses multiple Go-based backdoors has been identified.
GopherWhisper is a newly identified China‑linked APT group active since at least late 2023, uncovered during an investigation into a Mongolian government compromise. The group uses multiple Go‑based backdoors—such as LaxGopher, RatGopher, and BoxOfFriends—that rely on legitimate services like Slack, Discord, file.io, and Microsoft Graph for command‑and‑control and exfiltration. Their toolset also includes custom loaders and injectors like JabGopher and FriendDelivery to execute malware stealthily in memory.