GoSerpent and DoNot Team: a new wave of espionage attacks against public-sector targets in Asia

Colleagues, I’d like to draw your attention to a cybersecurity update.
Kaspersky has identified GoSerpent, a previously undocumented malware family targeting government entities and diplomats in Southeast Asia since late 2025.
The campaign is aimed at long-term access, file collection, and credential theft. It uses SOCKS5 proxies, ThumbcacheService, Mimikatz, QuarksDumpLocalHash, Stowaway and TmcLoader/TmcPayload.
Also notable is DoNot Team’s chain against military and defense organizations in Bangladesh: spear-phishing, an RTF document, geofencing, and covert persistence via OneDrive.
Why it matters: these campaigns show how mature espionage and data exfiltration toolsets have become.
How are you strengthening your defenses against such attacks?
#cybersecurity #threatintel #malware #infosec


Latest comments
No comments yet.