CyberMaterial


GopherWhisper APT

The APT That Turns SaaS Into a Command Channel

CyberMaterial and Sofia
Jun 20, 2026

Cyber espionage is no longer confined to hidden servers and suspicious domains. A recently disclosed threat group, GopherWhisper, shows how modern attackers are shifting command-and-control operations into the same tools enterprises use every day.

Instead of relying on traditional infrastructure, this group operates through platforms like Slack, Discord, and Microsoft 365, blending into normal business traffic by design.


What is GopherWhisper?


GopherWhisper is a China-aligned advanced persistent threat (APT) group identified by ESET researchers.

It was publicly documented in 2025–2026 reporting and is associated with cyberespionage activity targeting government organizations, including entities in Mongolia.

Rather than focusing on disruption or ransomware, the group’s objective is long-term intelligence collection and stealthy access.

