Find notable cyber news and cases, enriched with sources, timelines, and signals.

GoSerpent malware activity targeting Southeast Asian entities

Malware Activity
First reported
Last updated
Happening score
H score 26
1 unique sources, 1 articles

Summary

Hide ▲

GoSerpent is being used in cyber attacks against entities in Southeast Asia, with the activity focused on long-term access, intelligence gathering, and data exfiltration. The malware is aimed at government and diplomatic entities and can deploy follow-on tools for credential dumping and file collection. It also supports SOCKS5 proxying and remote access, helping operators hide traffic through compromised hosts. The toolset has expanded over time, with May 2026 activity adding new payloads for staged exfiltration.

Related Happenings

Armored Likho spear-phishing and malware-delivery campaign targeting government and power sectors

Campaign
H score37 First: 03.07.2026 16:36 Last: 03.07.2026 16:36 Sources 1

About this happening: The Armored Likho campaign is using spear-phishing and malware-delivery chains to target government agencies and the electric power sector across Russia, Brazil,...

BusySnake Stealer Windows information-theft activity

Malware Activity
H score30 First: 03.07.2026 16:36 Last: 03.07.2026 16:36 Sources 1

About this happening: The BusySnake Stealer malware is being used against Windows systems to steal browser cookies, passwords, documents, screenshots, wallet files, and Telegram data, increasin...

Showboat Linux post-exploitation backdoor framework

Malware Activity
H score16 First: 21.05.2026 17:17 Last: 21.05.2026 17:17 Sources 1

About this happening: The Showboat Linux malware has been identified as a modular post-exploitation framework used since at least mid-2022, raising the risk of persistent access on compromi...

Timeline

  1. 17.07.2026 11:46 2 articles · 3h ago

    GoSerpent malware activity targeting Southeast Asian entities

    Initial Disclosure

    Since late 2025, GoSerpent has been used against Southeast Asian government and diplomatic entities to establish covert access and begin intelligence collection. Kaspersky uncovered the activity in February 2026 after identifying a malware chain built for credential theft, proxying, and staged exfiltration.

    Show sources