Golang
-
VolkLocker ransomware contains hard-coded master keys, SentinelOne analysis finds
A SentinelOne analysis says VolkLocker, a RaaS from the CyberVolk collective, contains hard-coded master keys and writes a plaintext backup key to the temporary folder, enabling file recovery without payment while still displaying typical ransomware behaviors.
-
CISA details BRICKSTORM backdoor used by PRC-linked hackers against vSphere and Windows environments
CISA has published technical details of BRICKSTORM, a Golang backdoor used by PRC-linked threat actors to maintain stealthy, long-term access to VMware vSphere and Windows environments; CrowdStrike and other firms link the tool to UNC5221 and Warp Panda, while the Chinese embassy has denied the allegations.
-
APT36 uses Golang DeskRAT in spear‑phishing campaign against Indian government targets
Security researchers reported that APT36 (Transparent Tribe) used spear‑phishing to deliver a Golang remote access trojan called DeskRAT against Indian government targets, with the campaign targeting BOSS Linux, using multiple persistence methods and WebSocket C2.
