US AI Experts Targeted in SugarGh0st RAT Campaign – Source: www.darkreading.com

Source: Thongden Studio via Shutterstock

A likely Chinese threat actor is using a recent variant of the notorious Gh0st RAT malware to try and steal information from artificial intelligence experts in US companies, government agencies, and academia.

Researchers at security vendor Proofpoint first spotted the campaign earlier this month and are tracking the previously unknown threat actor behind it as “UNK_SweetSpecter.”

A Super-Targeted SugarGh0st Campaign

In a report released on May 16, the security vendor identified the group as using an AI-themed phishing lure to distribute a remote access trojan (RAT) called SugarGh0st to a highly selective list of AI experts. “The May 2024 campaign appeared to target less than 10 individuals, all of whom appear to have a direct connection to a single leading US-based artificial intelligence organization according to open source research,” Proofpoint said.

So far, at least, there’s not enough telemetry to link the malicious activity to any known nation-state threat actor or objective. “[But] the lure theme specifically referencing an AI tool, targeting of AI experts, interest in being connected with ‘technical personnel,’ interest in a specific software, and highly targeted nature of this campaign is notable,” Proofpoint said. “It is likely the actor’s objective was to obtain non-public information about generative artificial intelligence.”

A Customized Gh0st RAT Variant

Cisco Talos researchers first spotted the SugarGh0st malware being used by a suspected Chinese threat actor last November in a cyberespionage and surveillance campaign targeting government officials in Uzbekistan and South Korea. The company’s analysis of the malware showed it to be a custom variant of Gh0st RAT, a remote admin tool that first surfaced in 2008 when a China threat group called the C. Rufus Security Team made its source code publicly available. Since then, multiple Chinese groups, including nation-state actors, have used it in numerous campaigns and attacks that remain active.

Cisco Talos found SugarGh0st to be different from — and an improvement on — Gh0st RAT in several important ways. For instance, SugarGh0st appears designed with reconnaissance capabilities for specific objectives. The malware’s new capabilities include one that allowed it to search for and identify specific Open Database Connectivity (OBDC) registry keys, likely for data exfiltration and lateral movement purposes. The new version also supports the ability to load and execute malicious code from library files with specific file extensions and function names. Additionally, it gives remote operators the ability to issue custom commands via the command-and-control (C2) interface.

Cisco Talos assessed many of SugarGh0st’s other core capabilities to be similar to those available in the original Gh0st RAT malware. These included features that enable full remote control of the infected machine, real-time and offline keylogging, spying via the system webcam, and downloading additional malware.

AI-Themed Lure

In the UNK_SweetSpecter campaign, Proofpoint observed the threat actor using a free account to send targets an AI-themed email with an attached zip archive. The email purported to be from a user who had encountered problems when using a particular AI tool. It sought the recipient’s help in responding to questions the user had about the purported issue or in forwarding the questions — in the attached document — to the relevant technical personnel.

Following delivery, the attached zip file dropped a shortcut file — nearly identical to one that Cisco Talos disclosed in its SugarGh0st analysis last year — on the compromised system, Proofpoint said. The shortcut file deployed a JavaScript dropper that contained a decoy document, an ActiveX tool for sideloading, and an encrypted binary, all encoded in base64. The infection chain ended with SugarGh0st deployed on the victim system and communicating with an attacker-controlled C2 server.

Proofpoint theorized the campaign is likely an attempt by a China-affiliated actor to harvest generative AI secrets via cyber theft following recent reports of US government efforts to restrict Chinese access to generative AI technologies. Earlier this year, the US Department of Justice indicted a Google software engineer for stealing AI secrets from the company and attempting to use it at two AI-related technology companies in China, including one that he founded.

“It is possible that if Chinese entities are restricted from accessing technologies underpinning AI development, then Chinese-aligned cyber actors may target those with access to that information to further Chinese development goals,” Proofpoint assessed.