Dangerous new GoSerpent malware is apparently looking for government secrets


  • Kaspersky uncovers GoSerpent, a long-running campaign on Southeast Asian government systems using a backdoor, RAT (Stowaway) and exfiltration tool (TmcLoader)
  • The attackers were extremely patient, waiting weeks before deploying secondary tools to evade detection and survive log retention policies.
  • Attribution remains uncertain, but overlaps with past TetrisPhantom operations; defenders are advised to review shared IoCs for compromise

Security researchers Kaspersky have discovered five-year-old malware lurking on government computers in the Southeast Asian region, harvesting secrets and other exploitable intelligence.

The company analyzed a campaign called GoSerpent, which includes a backdoor of the same name, a remote access Trojan (RAT) called Stowaway, and a two-step data exfiltration tool called TmcLoader.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top