GopherWhisper Spills the Tea: China's New Cyber Gang Slides Into Your Slack DMs and Discord Servers episode artwork

EPISODE · Apr 26, 2026 · 3 MIN

GopherWhisper Spills the Tea: China's New Cyber Gang Slides Into Your Slack DMs and Discord Servers

from Digital Dragon Watch: Weekly China Cyber Alert · host Inception Point AI

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Alexandra Reeves here with Digital Dragon Watch, your weekly China cyber alert. Diving straight into the past seven days' hottest threats as of April 26, 2026. ESET just dropped a bombshell report on GopherWhisper, a fresh China-linked APT group that's been prowling since at least November 2023, but ramping up hits in 2025 and now. They nailed a Mongolian government entity, infecting about 12 systems with sneaky Go-based backdoors like LaxGopher, which hijacks Slack for command-and-control chats, exfiltrating files and spawning payloads. RatGopher flips to Discord for C2, uploading downloads via file.io, while SSLORDoor uses OpenSSL over raw TCP sockets to hide command prompts and manipulate files. Then there's BoxOfFriends leaning on Microsoft Graph API through Outlook drafts for stealthy exfil and shell access, loaded by the FriendDelivery DLL injector. ESET attributes this whole toolkit to GopherWhisper—no matches to known groups—targeting government sectors with legit services as cover, a slick new vector abusing trusted platforms like Slack, Discord, and Outlook to dodge detection. Over in the US, Senate Judiciary Committee fired warnings on April 25. Senator Thom Tillis pegged China's IP theft at $400 to $600 billion yearly, calling it a national security gut punch aimed at stealing America's innovation crown. Senator Richard Durbin slammed Beijing's economic espionage, costing $225 to $600 billion annually, gutting R&D incentives. No fresh executive actions announced, but bipartisan heat signals tighter scrutiny on China tech flows. Defensive plays? Experts urge segmenting comms tools—firewall Slack, Discord, and Outlook APIs rigorously. ESET recommends behavioral monitoring for anomalous C2 over legit services, plus Go malware hunters like YARA rules tailored to LaxGopher's drive enumeration. For IP defense, Jazz CEO Ido Livneh pushes AI-driven data loss prevention ahead of World IP Day today, locking down high-stakes leaks. China's pushing back with state-controlled AI governance, weaving strict data flows into national security, per NextIAS analysis—think centralized clamps on frontier models to counter autonomous cyber risks. But as Finance Minister Nirmala Sitharaman noted in ET Awards chatter, threats like Mythos rival Iran-level digital wars. Stay vigilant, listeners—patch those APIs, audit cloud integrations, and run multi-engine scans. Train your teams on living-off-the-land tactics. Thanks for tuning in—subscribe for more Dragon Watch intel. This has been a Quiet Please production, for more check out quietplease.ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI.

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Alexandra Reeves here with Digital Dragon Watch, your weekly China cyber alert. Diving straight into the past seven days' hottest threats as of April 26, 2026. ESET just dropped a bombshell report on GopherWhisper, a fresh China-linked APT group that's been prowling since at least November 2023, but ramping up hits in 2025 and now. They nailed a Mongolian government entity, infecting about 12 systems with sneaky Go-based backdoors like LaxGopher, which hijacks Slack for command-and-control chats, exfiltrating files and spawning payloads. RatGopher flips to Discord for C2, uploading downloads via file.io, while SSLORDoor uses OpenSSL over raw TCP sockets to hide command prompts and manipulate files. Then there's BoxOfFriends leaning on Microsoft Graph API through Outlook drafts for stealthy exfil and shell access, loaded by the FriendDelivery DLL injector. ESET attributes this whole toolkit to GopherWhisper—no matches to known groups—targeting government sectors with legit services as cover, a slick new vector abusing trusted platforms like Slack, Discord, and Outlook to dodge detection. Over in the US, Senate Judiciary Committee fired warnings on April 25. Senator Thom Tillis pegged China's IP theft at $400 to $600 billion yearly, calling it a national security gut punch aimed at stealing America's innovation crown. Senator Richard Durbin slammed Beijing's economic espionage, costing $225 to $600 billion annually, gutting R&D incentives. No fresh executive actions announced, but bipartisan heat signals tighter scrutiny on China tech flows. Defensive plays? Experts urge segmenting comms tools—firewall Slack, Discord, and Outlook APIs rigorously. ESET recommends behavioral monitoring for anomalous C2 over legit services, plus Go malware hunters like YARA rules tailored to LaxGopher's drive enumeration. For IP defense, Jazz CEO Ido Livneh pushes AI-driven data loss prevention ahead of World IP Day today, locking down high-stakes leaks. China's pushing back with state-controlled AI governance, weaving strict data flows into national security, per NextIAS analysis—think centralized clamps on frontier models to counter autonomous cyber risks. But as Finance Minister Nirmala Sitharaman noted in ET Awards chatter, threats like Mythos rival Iran-level digital wars. Stay vigilant, listeners—patch those APIs, audit cloud integrations, and run multi-engine scans. Train your teams on living-off-the-land tactics. Thanks for tuning in—subscribe for more Dragon Watch intel. This has been a Quiet Please production, for more check out quietplease.ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta This content was created in partnership and with the help of Artificial Intelligence AI.

NOW PLAYING

GopherWhisper Spills the Tea: China's New Cyber Gang Slides Into Your Slack DMs and Discord Servers

0:00 3:46

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Digital Dragon Watch: Weekly China Cyber Alert?

This episode is 3 minutes long.

When was this Digital Dragon Watch: Weekly China Cyber Alert episode published?

This episode was published on April 26, 2026.

What is this episode about?

This is your Digital Dragon Watch: Weekly China Cyber Alert podcast. Hey listeners, Alexandra Reeves here with Digital Dragon Watch, your weekly China cyber alert. Diving straight into the past seven days' hottest threats as of April 26,...

Can I download this Digital Dragon Watch: Weekly China Cyber Alert episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!