Threat-Actor-Profile Deep-Dive
By Lyrie.ai Senior Analyst Desk·5/5/2026

TL;DR

A previously unknown China-aligned APT group — named GopherWhisper by ESET Research — has been running a quiet but broad espionage operation since at least November 2023. The group's distinguishing feature is not a novel exploit or zero-day chain. It's something more insidious: every single command-and-control channel runs over platforms your organization almost certainly whitelists. Slack. Discord. Microsoft 365 Outlook draft folders. The file-sharing service file.io.

ESET discovered the group in January 2025 after detecting an unknown Go-based backdoor on a Mongolian government system. What followed was a rare intelligence windfall: the group had hardcoded their Slack and Discord API tokens directly into their binaries. ESET extracted 6,044 Slack messages and 3,005 Discord messages dating back to August 2024 and November 2023 respectively — a live transcript of an active espionage operation, handed over by the attackers' own operational security failures.

The ESET white paper, released April 23 2026, establishes GopherWhisper as a distinct cluster with no code-level overlap with any previously tracked threat actor. This is a new group. And based on the C2 traffic analysis, dozens of victims beyond the 12 confirmed Mongolian government systems are still unidentified.


Background: Why Mongolia, Why Now

Mongolia occupies a uniquely sensitive geopolitical position. Sandwiched between China and Russia, it sits astride critical rare-earth mineral deposits and maintains deep trade ties with both neighbors while simultaneously cultivating Western partnerships. Mongolian government networks hold intelligence that would interest Beijing on multiple dimensions: diplomatic communications, energy negotiations, Russian-Mongolian military cooperation details, and access vectors into neighboring CIS-bloc networks.

China-aligned APT activity against Mongolia is not new. Groups including Mustang Panda (also known as Bronze President or TA416) and Tonto Team have previously targeted Mongolian entities. GopherWhisper represents a parallel operation — no code overlap, distinct TTPs, suggesting either a separate contractor group or an independent unit within China's intelligence apparatus operating a non-overlapping portfolio.

The timing of ESET's discovery is also notable. Initial LaxGopher deployment was detected in January 2025, but Discord C2 channels show activity dating to November 2023. The group operated undetected for at least 14 months before exposure. The public disclosure arriving in April 2026 means the group has now had another year since initial detection to retool and pivot.


Technical Analysis: Seven Tools, Zero Trust in Your Own Infra

GopherWhisper's toolkit is architecturally diverse — a sign of a mature development operation rather than a single-tool threat group. Seven distinct components have been identified, each with a defined role in the kill chain.

The Delivery Chain

JabGopher is the entry point injector. It spawns a new instance of svchost.exe and injects LaxGopher — disguised as whisper.dll — into the process memory. This is a textbook process hollowing / DLL injection pattern, but the choice of svchost.exe is deliberate: endpoint tools that filter on process name rather than behavior will miss the injection entirely, since svchost is a perpetually active and trusted Windows system process.

The name whisper.dll, which seeded GopherWhisper's cluster name, is itself an OPSEC tell. A non-standard DLL name loaded into an svchost process should trigger an alert in any mature EDR configuration. Whether defenders will catch it depends entirely on whether they're correlating loaded modules against a baseline.

Primary C2 Backdoors

LaxGopher is Go-based and communicates exclusively through a hardcoded private Slack workspace. It receives operator commands from a Slack channel, executes them via cmd.exe, captures stdout/stderr, and publishes the results back to a configured channel. Additionally, it functions as a downloader: operators can push further payloads through the Slack C2 channel, making LaxGopher effectively a staging agent for additional implant deployment.

RatGopher mirrors LaxGopher's architecture but routes through Discord instead of Slack. This redundancy is deliberate — if one platform's token is burned, the other remains operational. The Discord server recovered by ESET contained not just C2 traffic but Go source code, suggesting operators were using the same Discord environment for both development testing and live operations. A significant OPSEC failure that handed researchers a development timeline.

BoxOfFriends is the most operationally creative component. It leverages the Microsoft Graph API to communicate via Microsoft 365 Outlook draft emails: messages that are written but never sent. Commands are placed in draft emails; the implant reads them, executes them, then writes the results back into a different draft. No email is ever actually transmitted. No SMTP traffic is generated. From a network monitoring perspective, the only observable traffic is HTTPS to Microsoft's Graph API endpoints, traffic that is not just normal but expected in any Microsoft 365 enterprise environment.

The Outlook account used for BoxOfFriends C2 — barrantaya.1010@outlook[.]com — was created July 11, 2024. The FriendDelivery DLL loader that deploys BoxOfFriends was compiled 11 days later on July 22, 2024. This 11-day timeline between infrastructure setup and deployment suggests a structured operational workflow, not ad-hoc development.

FriendDelivery is the DLL loader and injector that deploys BoxOfFriends. It functions as the delivery mechanism for the Outlook-based C2 tier.

The C++ Outlier

SSLORDoor breaks from the Go-first pattern. It's a C++ backdoor using OpenSSL BIO for raw socket communication on port 443. Rather than leveraging a SaaS platform, it communicates directly with attacker-controlled infrastructure. SSLORDoor handles the most sensitive file operations: drive enumeration, file read/write/delete, and upload. The separation of concerns is telling — Slack and Discord for command relay, SSLORDoor for heavy data exfiltration, keeping the most sensitive data movement off the SaaS platforms where behavioral anomalies might eventually trigger abuse detection.

Exfiltration

CompactGopher is the dedicated data collection and exfiltration tool. It filters files by extension — .doc, .docx, .jpg, .xls, .xlsx, .txt, .pdf, .ppt, .pptx — compresses them into ZIP archives, encrypts with AES-CFB-128, and uploads to file.io, a legitimate file-sharing service. The use of a public file host for exfiltration is another layer of defense evasion: traffic to file.io looks identical to an employee uploading attachments.
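The archive-then-upload rhythm is the part of CompactGopher's behaviour a defender can key on, because the upload itself looks like any other HTTPS session. The following Python is an added example (not ESET's analysis code, not the malware, and not part of the original write-up) that correlates constructed endpoint events per process: an archive created and, within a short window, a connection from the same process to a file-sharing host. The event schema, the ten-minute window and every host other than file.io are assumptions.

```python
from datetime import datetime, timedelta

# Hosts treated as anonymous file-sharing services. file.io is the one named in ESET's
# report; the others are assumptions for illustration and belong in your own policy list.
FILE_SHARE_HOSTS = {"file.io", "transfer.sh", "anonfiles.com"}
ARCHIVE_EXTS = (".zip", ".7z", ".rar")
WINDOW = timedelta(minutes=10)  # how soon after archive creation an upload is suspicious (assumption)

# Constructed sample events in a simplified EDR-style schema (field names are assumptions).
SAMPLE_EVENTS = [
    {"ts": "2024-09-03T02:14:10Z", "host": "WS-014", "pid": 4120, "image": r"C:\ProgramData\svc\compact.exe",
     "type": "file_create", "path": r"C:\Users\Public\out\batch1.zip"},
    {"ts": "2024-09-03T02:15:02Z", "host": "WS-014", "pid": 4120, "image": r"C:\ProgramData\svc\compact.exe",
     "type": "net_connect", "dst_host": "file.io", "dst_port": 443},
    {"ts": "2024-09-03T08:00:00Z", "host": "WS-021", "pid": 980, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "type": "file_create", "path": r"C:\Users\alice\Downloads\report.zip"},
    {"ts": "2024-09-03T11:30:00Z", "host": "WS-021", "pid": 980, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "type": "net_connect", "dst_host": "file.io", "dst_port": 443},
    {"ts": "2024-09-03T11:31:00Z", "host": "WS-021", "pid": 980, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "type": "net_connect", "dst_host": "outlook.office.com", "dst_port": 443},
]


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def _is_file_share(dst_host):
    d = dst_host.lower()
    return any(d == h or d.endswith("." + h) for h in FILE_SHARE_HOSTS)


def find_exfil_sequences(events, window=WINDOW):
    """Correlate per (host, pid): an archive created and then, within `window`, a
    connection to a file-sharing host is 'high'; a lone connection is 'medium'."""
    recent_archives = {}  # (host, pid) -> [(timestamp, path), ...]
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        t = _parse_ts(ev["ts"])
        if ev["type"] == "file_create" and ev["path"].lower().endswith(ARCHIVE_EXTS):
            recent_archives.setdefault(key, []).append((t, ev["path"]))
        elif ev["type"] == "net_connect" and _is_file_share(ev["dst_host"]):
            matched = [p for (t0, p) in recent_archives.get(key, [])
                       if timedelta(0) <= t - t0 <= window]
            alerts.append({
                "host": ev["host"], "pid": ev["pid"], "image": ev["image"],
                "dst_host": ev["dst_host"], "archives": matched,
                "severity": "high" if matched else "medium",
            })
    return alerts


if __name__ == "__main__":
    for a in find_exfil_sequences(SAMPLE_EVENTS):
        print(a["severity"], a["host"], a["image"], "->", a["dst_host"], a["archives"])
```

The per-process key matters: correlating on hostname alone would pair a browser's routine download with an unrelated upload, while the real sequence comes from one process doing both within minutes.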


The Operational Intelligence Windfall: 9,000+ Messages

The most extraordinary aspect of this disclosure is what ESET was able to recover because GopherWhisper hardcoded their API tokens.

From the Slack channel: 6,044 messages dating back to August 21, 2024. From Discord: 3,005 messages with the earliest from November 16, 2023. This isn't post-incident forensics from a seized server — it's a live transcript of operator activity pulled directly from Slack and Discord's APIs using the attackers' own credentials.

What did the messages reveal?

Working hours: The overwhelming majority of commands were issued between 8 a.m. and 5 p.m. UTC+8 — China Standard Time. Activity drops sharply outside standard business hours. This is consistent with contractor or government employee operations rather than a loosely organized criminal group.
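The working-hours inference above is a repeatable analysis, not just an observation. As an added example (not ESET's tooling and not part of the original post), the Python below takes message timestamps in UTC, builds an hour-of-day and weekday histogram in a chosen zone, reports the share of activity inside a business-hours window, and lets the data nominate the whole-hour UTC offset that best fits a 08:00 to 17:00 working day. The timestamps are constructed for illustration; the business-hours window and the whole-hour offset assumption are mine.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

CST = timezone(timedelta(hours=8))  # UTC+8, the offset ESET observed

# Constructed UTC timestamps standing in for a C2 message export (not real data).
SAMPLE_UTC_TIMESTAMPS = [
    "2024-09-02T00:30:00Z", "2024-09-02T01:15:00Z", "2024-09-02T03:40:00Z",
    "2024-09-02T06:05:00Z", "2024-09-02T08:30:00Z",   # Monday, 08:30 to 16:30 CST
    "2024-09-03T02:00:00Z", "2024-09-03T05:45:00Z", "2024-09-03T08:10:00Z",   # Tuesday
    "2024-09-04T01:00:00Z", "2024-09-04T07:20:00Z",   # Wednesday
    "2024-09-04T14:00:00Z",   # Wednesday 22:00 CST, after hours
    "2024-09-07T03:00:00Z",   # Saturday 11:00 CST, weekend
]


def _to_local(s, tz):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).astimezone(tz)


def hour_histogram(ts_utc, tz=CST):
    """Messages per local hour of day and per weekday (0 = Monday) in the given zone."""
    hours, weekdays = Counter(), Counter()
    for s in ts_utc:
        t = _to_local(s, tz)
        hours[t.hour] += 1
        weekdays[t.weekday()] += 1
    return hours, weekdays


def business_hours_share(ts_utc, tz=CST, start=8, end=17):
    """Fraction of messages whose local hour falls in [start, end)."""
    hours, _ = hour_histogram(ts_utc, tz)
    total = sum(hours.values())
    inside = sum(c for h, c in hours.items() if start <= h < end)
    return inside / total if total else 0.0


def best_fit_offset(ts_utc, candidates=range(-12, 15)):
    """Whole-hour UTC offset under which the largest share of activity lands in
    business hours. Neighbouring offsets often tie on small samples, so treat the
    result as one indicator to be combined with locale and other metadata."""
    return max(candidates,
               key=lambda off: business_hours_share(ts_utc, timezone(timedelta(hours=off))))


if __name__ == "__main__":
    hours, weekdays = hour_histogram(SAMPLE_UTC_TIMESTAMPS)
    print("by hour (CST):", sorted(hours.items()))
    print("by weekday:", sorted(weekdays.items()))
    print("business-hours share at UTC+8: %.2f" % business_hours_share(SAMPLE_UTC_TIMESTAMPS))
    print("best-fit offset:", best_fit_offset(SAMPLE_UTC_TIMESTAMPS))
```

On real exports, run the same histogram against each candidate zone and look for a clean 9-to-6 block with a lunch dip and a weekend trough; a flat or bimodal curve usually means several operators in different zones or automated beaconing mixed into the command stream.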

Testing behavior: The Discord server was used for both testing and live operations simultaneously, without clearing logs between phases. Researchers found early iterations of Go source code — essentially beta versions of the backdoor — alongside live C2 traffic from compromised government machines.

Operator infrastructure details: Because operators used their development machines to run test enumeration, ESET obtained details about operator VMs: VMware-based environments, boot timestamps consistent with UTC+8, and Slack metadata confirming locale: zh-CN.

Development sources: Slack messages contained links to GitHub repositories that the operators used as learning resources and code references. These include repositories for Go service management, Go-based process injection (NHAS/stab), and Go encryption utilities. This is a development team that learns from public resources — not a nation-state shop with unlimited proprietary R&D resources.


Attribution: China-Aligned, But Which Desk?

ESET's attribution confidence is high but stops short of specific agency identification. The indicators are:

  • UTC+8 working-hour operation
  • locale: zh-CN in Slack metadata
  • VMware VM boot times consistent with UTC+8
  • Focus on Mongolia — a geopolitical target of primary interest to Beijing
  • No TTPs or code overlap with any previously known threat actor, ruling out known Chinese clusters

The absence of code overlap is itself significant. GopherWhisper is not a Mustang Panda spinoff or a Tonto Team retool. It's either a new organizational unit, an independent contractor group working for Chinese intelligence, or an existing group that has completely rebuilt its tooling. Given the sophistication of the multi-platform C2 architecture, this is not a first-time operation — whoever built this has done it before.

The group is still active. ESET's telemetry identified 12 confirmed compromised systems in the Mongolian government institution, but C2 traffic analysis indicates "dozens of other victims" whose identity and sector remain unknown. The public disclosure has almost certainly prompted a retooling operation — new tokens, new platforms, new infrastructure.


Indicators of Compromise (IOCs)

Malicious files / DLLs:

  • whisper.dll — LaxGopher disguised as a Windows DLL, injected into svchost.exe
  • FriendDelivery DLL — loader for BoxOfFriends; compiled July 22, 2024

Threat actor-controlled accounts:

  • barrantaya.1010@outlook[.]com — BoxOfFriends C2 Outlook account (created July 11, 2024)
  • Private Slack workspace(s) — accessed via hardcoded API tokens (tokens now burned)
  • Private Discord server(s) — accessed via hardcoded API tokens (tokens now burned)

Network / behavioral:

  • HTTPS outbound to file.io with AES-encrypted ZIP archives — CompactGopher exfiltration
  • Port 443 raw socket connections via OpenSSL BIO — SSLORDoor C2
  • Svchost.exe loading non-standard DLL (whisper.dll) — JabGopher injection
  • Microsoft Graph API calls for Outlook draft creation/modification — BoxOfFriends C2

Full IOC list: ESET GitHub → github.com/eset/malware-ioc/tree/master/gopherwhisper

MITRE ATT&CK techniques:

  • T1055.012 — Process Hollowing (JabGopher → svchost.exe)
  • T1071.003 — Application Layer Protocol: Web Services (Slack/Discord/Outlook C2)
  • T1567.002 — Exfiltration Over Web Service: Exfiltration to Cloud Storage (file.io)
  • T1560.001 — Archive Collected Data: Archive via Utility (CompactGopher ZIP/AES)
  • T1078 — Valid Accounts (Microsoft Graph API with hardcoded credentials)
  • T1136 — Create Account (Outlook account creation for BoxOfFriends)

The Lyrie Take: The Trusted Service Problem Is Now Structural

GopherWhisper didn't invent SaaS-based C2. APT groups have been abusing Dropbox, Google Drive, GitHub, and Telegram for C2 for years. What GopherWhisper illustrates is the maturation of this technique: three distinct SaaS platforms, each serving as a redundant C2 channel, with a separate dedicated exfiltration route and a backup raw-socket backdoor for when SaaS access gets blocked.

The draft-email technique via Microsoft Graph API deserves specific attention. It generates zero SMTP traffic, produces no email send events, and looks indistinguishable from a standard enterprise M365 integration. Detecting it requires monitoring Graph API calls for draft creation/modification patterns — something most organizations don't have visibility into, and most SIEM products don't alert on by default.
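The pattern that distinguishes a drafts dead drop from normal mail use is the rhythm: drafts are written, read by a different client, rewritten, and never sent. The following Python is an added example (not ESET's, not Lyrie's, and not part of the original post) that scans constructed mailbox-audit style records per mailbox with a sliding one-hour window and flags the combination of many draft writes, at least one draft read, zero sends, and two or more distinct client applications touching the Drafts folder. The operation names loosely follow Exchange mailbox auditing, but the flat schema, the app identifiers and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DRAFT_WRITE_OPS = {"Create", "Update"}
DRAFT_READ_OPS = {"MailItemsAccessed"}
SEND_OPS = {"Send", "SendAs", "SendOnBehalf"}


def _rec(ts, mailbox, op, folder, app):
    return {"ts": ts, "mailbox": mailbox, "op": op, "folder": folder, "app": app}


# Constructed records. The first mailbox shows the write/read/rewrite rhythm of a drafts
# dead drop worked by two clients ("operator-client" and "implant-app" are placeholder
# app IDs); the second is an ordinary user drafting and then sending one message.
SAMPLE_RECORDS = [
    _rec("2024-09-03T01:00:00Z", "c2-drafts@example.com", "Create", "Drafts", "operator-client"),
    _rec("2024-09-03T01:02:00Z", "c2-drafts@example.com", "MailItemsAccessed", "Drafts", "implant-app"),
    _rec("2024-09-03T01:03:00Z", "c2-drafts@example.com", "Update", "Drafts", "implant-app"),
    _rec("2024-09-03T01:05:00Z", "c2-drafts@example.com", "MailItemsAccessed", "Drafts", "operator-client"),
    _rec("2024-09-03T01:06:00Z", "c2-drafts@example.com", "Create", "Drafts", "operator-client"),
    _rec("2024-09-03T01:08:00Z", "c2-drafts@example.com", "MailItemsAccessed", "Drafts", "implant-app"),
    _rec("2024-09-03T01:09:00Z", "c2-drafts@example.com", "Update", "Drafts", "implant-app"),
    _rec("2024-09-03T01:10:00Z", "c2-drafts@example.com", "MailItemsAccessed", "Drafts", "operator-client"),
    _rec("2024-09-03T01:12:00Z", "c2-drafts@example.com", "Create", "Drafts", "operator-client"),
    _rec("2024-09-03T01:14:00Z", "c2-drafts@example.com", "Update", "Drafts", "implant-app"),
    _rec("2024-09-03T09:00:00Z", "alice@example.com", "Create", "Drafts", "outlook-desktop"),
    _rec("2024-09-03T09:05:00Z", "alice@example.com", "Update", "Drafts", "outlook-desktop"),
    _rec("2024-09-03T09:07:00Z", "alice@example.com", "Update", "Drafts", "outlook-desktop"),
    _rec("2024-09-03T09:08:00Z", "alice@example.com", "Send", "Drafts", "outlook-desktop"),
]


def _t(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def flag_draft_c2(records, window=timedelta(hours=1), min_writes=6):
    """Per mailbox, slide a window over the audit trail and report the busiest window
    that shows draft writes with reads by another client and no send at all."""
    by_box = defaultdict(list)
    for r in records:
        by_box[r["mailbox"]].append(r)
    findings = []
    for box, recs in by_box.items():
        recs.sort(key=lambda r: r["ts"])
        times = [_t(r["ts"]) for r in recs]
        best, lo = None, 0
        for hi in range(len(recs)):
            while times[hi] - times[lo] > window:
                lo += 1
            win = recs[lo:hi + 1]
            drafts = [r for r in win if r["folder"] == "Drafts"]
            writes = sum(1 for r in drafts if r["op"] in DRAFT_WRITE_OPS)
            reads = sum(1 for r in drafts if r["op"] in DRAFT_READ_OPS)
            sends = sum(1 for r in win if r["op"] in SEND_OPS)
            apps = {r["app"] for r in drafts}
            if writes >= min_writes and reads >= 1 and sends == 0 and len(apps) >= 2:
                if best is None or writes > best["draft_writes"]:
                    best = {"mailbox": box, "window_start": win[0]["ts"], "draft_writes": writes,
                            "draft_reads": reads, "sends": sends, "apps": sorted(apps)}
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in flag_draft_c2(SAMPLE_RECORDS):
        print(f)
```

The two-client condition is what keeps ordinary autosave noise out: a user's mail client rewrites drafts constantly, but it is the same application reading and writing, and the draft eventually becomes a Send event. Tune `min_writes` against a week of your own tenant's Drafts activity before alerting on it.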

From a defender's perspective, this case surfaces a doctrine gap: "block the bad domain" doesn't work when the bad domain is graph.microsoft.com or discord.com. Detection has to move to behavioral analysis of API activity patterns, volume anomalies, and process-to-network correlations (why is svchost.exe making Graph API calls?).

For Lyrie's detection pipeline, this is precisely the attack surface our behavioral AI layer targets. Anomalous API access patterns from unexpected process contexts, unusual draft-folder write activity, ZIP archive creation followed by outbound HTTPS to file-sharing services — these are behavioral sequences, not signature matches.

The operational intelligence failure — hardcoding API tokens in deployed binaries — is likely a development convenience that became a catastrophic OPSEC failure. But defenders should not count on threat actors repeating this mistake. The next GopherWhisper variant will use ephemeral tokens, rotate infrastructure, and probably switch from Slack to a less-monitored collaboration platform.


Defender Playbook

Immediate actions:

1. Block file.io at the perimeter. There is no legitimate business use case for endpoint processes uploading AES-encrypted ZIP archives to an anonymous file-sharing service. Block file.io at DNS and HTTP proxy layers immediately.

2. Audit svchost.exe loaded modules. Baseline the DLLs normally loaded by svchost instances in your environment. Alert on any svchost process loading a DLL not in the approved baseline — especially from non-Windows paths.

3. Enable Microsoft Graph API audit logging. In the Microsoft Purview Audit settings, ensure MailItemsAccessed and Send audit events are enabled. Add alerting for Graph API calls that create or modify Draft mailbox items from non-interactive service accounts or from unusual process contexts.

4. Correlate process-to-network for Slack and Discord. If your organization uses Slack or Discord legitimately, that makes this harder — but not impossible. Alert on connections to Slack/Discord API endpoints from unexpected process names, especially system processes like svchost.exe, services.exe, or any process not on an approved communication baseline.

5. Hunt for whisper.dll and JabGopher injection artifacts. Run a one-time hunt across endpoints for any loaded module named whisper.dll. Broaden to any DLL with "whisper" in the name loaded by a system process.

6. IOC ingestion from ESET GitHub. Pull the full GopherWhisper IOC set from github.com/eset/malware-ioc/tree/master/gopherwhisper and push to your SIEM, EDR, and firewall block lists.

Strategic posture:

7. Treat SaaS-as-C2 as a permanent threat category. Update your threat model to include Slack, Discord, Teams, Outlook, Google Workspace, and file-sharing services as potential C2 channels. Evaluate whether your detection tooling has behavioral coverage for API-layer abuse in each.

8. Apply Go binary detection heuristics. Go binaries have distinct characteristics (stripped symbols, embedded runtime, characteristic section layouts). Tune your endpoint tooling to flag unsigned or anomalously large Go-compiled binaries appearing in system directories or DLL load paths.

9. Consider restricting Graph API for third-party apps. Review your Microsoft 365 tenant's App Consent Policy. Restrict or require admin approval for third-party apps requesting Mail.ReadWrite or Mail.Send permissions — the exact scopes BoxOfFriends abuses.
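Step 8 asks endpoint tooling to recognise Go-compiled binaries even after symbols are stripped. The Python below is an added example (not ESET's and not part of the original post) of that heuristic: it searches a file image for strings the Go runtime keeps regardless of stripping and parses the inline build-info block that Go 1.18 and later embed, whose layout (a 14-byte magic of `\xff Go buildinf:`, pointer size and flags bytes, a 32-byte header, then the Go version and module info as uvarint-length-prefixed strings when flag 0x2 is set) follows Go's own debug/buildinfo package. The sample input is a constructed byte blob carrying those markers, not a real executable; the marker list and the two-marker threshold are assumptions.

```python
GO_BUILDINFO_MAGIC = b"\xff Go buildinf:"  # 14-byte magic that opens Go's embedded build info
# Strings that survive symbol stripping because they sit in data the runtime itself needs.
GO_MARKERS = (b"Go build ID:", b"runtime.main", b"runtime.gopanic", b".gopclntab")


def _read_uvarint(buf, off):
    """Decode an unsigned LEB128 varint at buf[off] (Go's encoding/binary form)."""
    value, shift = 0, 0
    while True:
        b = buf[off]
        off += 1
        value |= (b & 0x7F) << shift
        if b < 0x80:
            return value, off
        shift += 7


def go_buildinfo(data):
    """Parse the inline build-info block written by Go 1.18+: 14-byte magic, pointer size,
    flags, padded to a 32-byte header; when flags & 0x2 is set the Go version and module
    info follow as uvarint-length-prefixed strings. Returns (version, modinfo) or None."""
    i = data.find(GO_BUILDINFO_MAGIC)
    if i < 0 or i + 32 > len(data):
        return None
    flags = data[i + 15]
    if not flags & 0x2:
        return None  # pre-1.18 layout stores pointers to the strings instead; not handled here
    off = i + 32
    vlen, off = _read_uvarint(data, off)
    version = data[off:off + vlen].decode("ascii", "replace")
    off += vlen
    mlen, off = _read_uvarint(data, off)
    modinfo = data[off:off + mlen].decode("utf-8", "replace")
    return version, modinfo


def score_go_binary(data):
    """Heuristic verdict: a parsable build-info block, or two or more markers, means Go."""
    markers = [m.decode() for m in GO_MARKERS if m in data]
    info = go_buildinfo(data)
    if info:
        markers.append("buildinfo")
    return {"is_go": bool(info) or len(markers) >= 2,
            "markers": markers,
            "go_version": info[0] if info else None,
            "modinfo": info[1] if info else None}


def make_sample():
    """Constructed byte blob (NOT a real executable) carrying the markers a stripped Go PE keeps."""
    version = b"go1.22.3"
    modinfo = b"path\tcommand-line-arguments\nbuild\t-buildmode=exe\n"
    header = GO_BUILDINFO_MAGIC + bytes([8, 0x2]) + b"\x00" * 16  # ptr size 8, inline-strings flag
    block = header + bytes([len(version)]) + version + bytes([len(modinfo)]) + modinfo
    return (b"MZ" + b"\x00" * 62 + b'Go build ID: "constructed"\n' + b"\x00" * 8
            + b"runtime.main\x00runtime.gopanic\x00" + block + b"\x00" * 32)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample()
    print(score_go_binary(data))
```

Run it against a file path to triage a real sample, or with no argument to see the constructed blob scored. The build-info parser is the valuable half: it yields the exact toolchain version and module path, which is what lets you cluster samples from the same build environment the way ESET did with the Discord-hosted source history.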


Sources

1. ESET Research — "GopherWhisper: A burrow full of malware" (April 23, 2026): https://www.welivesecurity.com/en/eset-research/gopherwhisper-burrow-full-malware/

2. ESET White Paper (PDF): https://web-assets.esetstatic.com/wls/en/papers/white-papers/gopherwhisper-burrow-full-malware.pdf

3. The Hacker News — "China-Linked GopherWhisper Infects 12 Mongolian Government Systems" (April 2026): https://thehackernews.com/2026/04/china-linked-gopherwhisper-infects-12.html

4. BleepingComputer — "New GopherWhisper APT group abuses Outlook, Slack, Discord for comms" (April 30, 2026): https://www.bleepingcomputer.com/news/security/new-gopherwhisper-apt-group-abuses-outlook-slack-discord-for-comms/

5. ESET Malware IOC Repository: https://github.com/eset/malware-ioc/tree/master/gopherwhisper


Lyrie.ai Cyber Research Division — Senior Analyst Desk
