Zscaler ThreatLabz uncovered two recent cyberespionage campaigns—Gopher Strike and Sheet Attack—targeting Indian government entities and deploying custom Golang tools while using legitimate infrastructure to evade detection. The operations introduce new malware like GOGITTER, GOSHELL, and GITSHELLPAD and suggest experimentation with generative AI, pointing to a possible Pakistan-linked subgroup.
Key points
- Zscaler ThreatLabz identified two distinct campaigns—Gopher Strike and Sheet Attack—targeting Indian government organizations.
- Gopher Strike uses Golang-based tools (GOGITTER, GOSHELL, GITSHELLPAD) and deceptive PDFs/ISO files to gain initial access.
- GITSHELLPAD abuses private GitHub repositories for command-and-control to blend malicious traffic with legitimate developer activity.
- Sheet Attack reportedly incorporates generative AI in malware development, indicating next-generation offensive experimentation.
- Researchers note similarities to APT36 but assess a possible new Pakistan-linked subgroup; defenders should monitor GitHub connections and inspect PDF/ISO attachments.
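The last two points describe the defensive problem: GITSHELLPAD hides its command-and-control inside private GitHub repository traffic, and the recommended response is to watch GitHub connections from the network. The script below is an added illustration of that hunt, not code from the Zscaler report or from any of the tools it names. It parses constructed web-proxy log lines (the log format, host names, allowlist and thresholds are all assumptions) and flags hosts whose GitHub traffic is out of place: machines not inventoried as developer assets, clients that are neither a browser nor git, suspiciously regular request timing, and uploads to repository contents.

```python
"""Hunt for GitHub-hosted command-and-control in web proxy logs.

Added example (not from the Zscaler report): a defender-side triage script.
The log format, host names, allowlist and thresholds are constructed
assumptions; a real deployment would read them from the proxy and the
asset inventory.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample lines: "<iso-timestamp> <src-host> <method> <url> <user-agent>"
SAMPLE_LOG = """\
2024-05-01T09:00:00 dev-laptop-01 GET https://api.github.com/repos/acme/app/commits git/2.44.0
2024-05-01T09:07:12 dev-laptop-01 GET https://github.com/acme/app/pull/12 Mozilla/5.0
2024-05-01T09:00:00 finance-pc-07 GET https://api.github.com/repos/u1/notes/contents/task.txt Go-http-client/1.1
2024-05-01T09:05:00 finance-pc-07 GET https://api.github.com/repos/u1/notes/contents/task.txt Go-http-client/1.1
2024-05-01T09:10:00 finance-pc-07 PUT https://api.github.com/repos/u1/notes/contents/out.txt Go-http-client/1.1
2024-05-01T09:15:00 finance-pc-07 GET https://api.github.com/repos/u1/notes/contents/task.txt Go-http-client/1.1
2024-05-01T09:20:00 finance-pc-07 GET https://api.github.com/repos/u1/notes/contents/task.txt Go-http-client/1.1
2024-05-01T10:00:00 hr-pc-03 GET https://www.example.org/ Mozilla/5.0
"""

GITHUB_HOSTS = {"github.com", "api.github.com", "raw.githubusercontent.com"}
DEV_HOSTS = {"dev-laptop-01"}   # assumption: hosts the asset inventory expects to use GitHub
MIN_EVENTS = 4                  # too few requests to judge timing below this
MAX_JITTER = 0.2                # coefficient of variation at or below this looks scheduled


def parse_log(text):
    """Parse the constructed space-separated format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, method, url, ua = line.split(" ", 4)
        events.append({
            "time": datetime.fromisoformat(ts),
            "host": host,
            "method": method,
            "url": url,
            "domain": urlsplit(url).hostname,
            "ua": ua,
        })
    return events


def interval_jitter(times):
    """Coefficient of variation of the gaps between sorted timestamps.

    0.0 means perfectly regular polling; None means too few events to judge.
    """
    if len(times) < MIN_EVENTS:
        return None
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    if avg == 0:
        return None
    return pstdev(gaps) / avg


def hunt(text):
    """Return one finding (host plus reasons) per host with suspicious GitHub traffic."""
    by_host = defaultdict(list)
    for ev in parse_log(text):
        if ev["domain"] in GITHUB_HOSTS:
            by_host[ev["host"]].append(ev)

    findings = []
    for host, evs in sorted(by_host.items()):
        reasons = []
        if host not in DEV_HOSTS:
            reasons.append("GitHub traffic from a host not inventoried as a developer machine")
        agents = {e["ua"] for e in evs}
        if not any(ua.startswith(("git/", "Mozilla/")) for ua in agents):
            reasons.append("no browser or git user-agent: " + ", ".join(sorted(agents)))
        jitter = interval_jitter([e["time"] for e in evs])
        if jitter is not None and jitter <= MAX_JITTER:
            reasons.append(f"beacon-like timing ({len(evs)} requests, jitter {jitter:.2f})")
        if any(e["method"] in ("PUT", "POST") for e in evs):
            reasons.append("uploads to repository contents (possible result/exfil channel)")
        if reasons:
            findings.append({"host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f["host"])
        for r in f["reasons"]:
            print("  -", r)
```

Run on the sample, only finance-pc-07 is reported: it is not an inventoried developer host, it talks to the API with a non-browser client, it polls the same file every five minutes, and it writes a file back. dev-laptop-01 is on the allowlist and shows ordinary git and browser activity, so it produces no finding. The timing heuristic is the piece worth keeping even when the allowlist is incomplete: legitimate developer use of GitHub is bursty, whereas a polling implant tends to keep a schedule, so a low coefficient of variation across several requests to the same repository is a useful first-pass signal to raise for analyst review.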