securelist.com 7/16/2026, 12:20:56 PM · external

GoSerpent RAT hits Southeast Asian govt with covert data theft

GoSerpent RAT hits Southeast Asian govt with covert data theft
CyberSIXT Evidence Panel Source marked as original reporting

THE article details the GoSerpent malware campaign, a sophisticated threat targeting government and diplomatic entities in Southeast Asia. It began in late 2025, involving a remote access Trojan (RAT) called GoSerpent, which has encrypted communications with command-and-control servers and integrates various malicious tools for data exfiltration.

The attack phases include initial deployment of GoSerpent, followed by a collection using ThumbcacheService for sensitive files, and later stages using new tools like Stowaway for enhanced stealth and data transfer. The campaign demonstrates a high level of operational planning and technical expertise, with potential links to other threat actors. The piece concludes the importance of robust security measures for detecting and preventing such threats.

View full article

Article by CyberSIXT