Dangerous new GoSerpent malware is apparently hunting for government secrets


  • Kaspersky reveals GoSerpent, a long-running campaign on Southeast Asian government systems using a backdoor, RAT (Stowaway) and exfiltration tool (TmcLoader)
  • Attackers showed extreme patience and waited weeks before deploying secondary tools to avoid detection and survive log retention policies
  • Attribution remains uncertain, but overlaps with previous TetrisPhantom operations; defenders are encouraged to review shared IoCs to detect compromise

Security researchers Kaspersky discovered a five-year-old piece of malware that has been hiding on government computers in the Southeast Asian region, harvesting secrets and other actionable intelligence.

The company analyzed a campaign called GoSerpent, which consists of a backdoor of the same name, a Remote Access Trojan (RAT) called Stowaway, and a two-stage data exfiltration tool called TmcLoader.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top