A China-aligned threat actor named UTA0388 has been conducting spear-phishing campaigns across multiple continents to deploy GOVERSHELL, a sophisticated backdoor. The campaigns exploit social engineering, fake identities, and AI tools like ChatGPT to target mainly Asian geopolitical interests and European institutions. #UTA0388 #GOVERSHELL #APT #PlugX
Key points
- UTA0388 targets North America, Asia, and Europe with spear-phishing campaigns designed to deliver GOVERSHELL malware.
- The campaigns use tailored social engineering techniques and build trust before delivering malicious payloads.
- Multiple variants of GOVERSHELL have been identified, each with different command capabilities and loading techniques, including PowerShell execution and DLL side-loading.
- The threat actor leverages legitimate services like Netlify, Sync, and OneDrive, and uses AI tools such as ChatGPT to enhance phishing and workflows.
- Recent upticks in the campaigns show a focus on Asian geopolitical issues, especially Taiwan, with automation and AI playing a significant role in the operator's workflow.
Read More: https://thehackernews.com/2025/10/from-healthkick-to-govershell-evolution.html