Proofpoint discovered a cyber operation using the SugarGh0st RAT, affiliated with UNK_SweetSpecter, targeting businesses, universities, and government agencies in the United States in May 2024. The attack method involved sending AI-themed emails with zip files containing a JavaScript dropper for deploying the RAT. The campaign aimed at data exfiltration, command and control operations, and keylogging
The attackers, identified possibly as Chinese-speaking threat actors, focused on AI experts, hinting at an interest in generative AI information. Partnerships like the one between Proofpoint and Yahoo! Paranoids Advanced Cyber Threats Team are crucial for detecting and mitigating such complex attacks, underlining the importance of strong cybersecurity measures in the face of evolving cyber threats. ```https://cybersecuritynews.com/sugargh0st-rat-attacks/