Analysis governmentdiplomatic
GopherWhisper: China-Aligned APT Using Cloud Messaging C2 Against Mongolian Government
GopherWhisper is a China-aligned threat actor discovered by ESET in January 2025 and publicly disclosed in April 2026. The group operates Go-based implants that use Slack, Discord, Microsoft 365 Outlook, and legitimate file-sharing services as command-and-control channels, almost entirely avoiding traditional C2 infrastructure. Their campaigns have persistently targeted the Mongolian government.