Dangerous New GoSerpent Malware Apparently Seeks Government Secrets



  • Kaspersky uncovers GoSerpent, a long-running campaign on Southeast Asian government systems using a backdoor, RAT (Stowaway), and exfiltration tool (TmcLoader)
  • The attackers showed extreme patience and waited weeks before deploying secondary tools to evade detection and survive log retention policies.
  • Attribution remains uncertain, but overlaps with previous TetrisPhantom operations; Defenders are urged to review shared IoCs for compromises.

Kaspersky security researchers discovered five-year-old malware that has been hiding on government computers in the Southeast Asia region, harvesting secrets and other actionable intelligence.

The company analyzed a campaign called GoSerpent, which consists of a backdoor of the same name, a remote access trojan (RAT) called Stowaway, and a two-stage data exfiltration tool called TmcLoader.

Leave a Comment

Your email address will not be published. Required fields are marked *