Researchers have identified a recent cyber espionage campaign by a China-linked threat actor dubbed "UNK_SweetSpecter," which aims to harvest generative artificial intelligence (AI) secrets from experts in the United States. The threat actor targets AI experts using a remote access trojan (RAT) malware called SugarGh0st.  SugarGh0st infiltrates the systems of a highly selective list of AI experts from different verticals such as tech companies, government agencies and academic institutions. The SugarGh0st RAT was originally reported in November 2023 but was observed in only a limited number of campaigns. It is a custom variant of the Gh0st RAT, a tool that was first publicly attributed to a Chinese threat group in 2008. Researchers suspect that the threat actor UNK_SweetSpecter is likely of Chinese origin.

Spear-Phishing SugarGh0st Campaign Targets AI Experts

Proofpoint researchers discovered that the targets of this campaign were all connected to a leading US-based AI organization and were lured with distinct AI-themed emails. The infection chain began with a seemingly innocuous email from a free account, claiming to seek technical assistance with an AI tool. The attached zip file contained a shortcut file (LNK) that deployed a JavaScript dropper upon access. This dropper included a decoy document, an ActiveX tool for sideloading, and an encrypted binary, all encoded in base64. The infection chain ended with SugarGh0st RAT being deployed on the victim's system and communication being established with the attacker's command and control server. Analysis of the attack stages revealed that the group had shifted their C2 communications from an earlier domain to a new one, indicating their detection evasion motives. While the malware itself is relatively unsophisticated in it's attack chain, the targeted nature of AI the campaign makes it significant, the researchers noted. The SugarGh0st RAT was previously used in targeted campaigns in Central and East Asia.

Potential Motivations, Attribution and Context

Although direct attribution to a specific nation-state is challenging, researchers concluded the presence of Chinese language artifacts and the precise targeting of AI experts suggest a possible link to China-linked threat actors. The campaign also coincides with the U.S. government's efforts to restrict Chinese access to generative AI technologies. The new regulations established by the Biden administration would likely restrict the export of AI models, and their data to countries it deemed hostile to U.S. interests, such as Russia, China, North Korea and Iran. The Chinese Embassy labeled the action as economic coercion and unilateral bullying. Earlier in February, Microsoft reported observing Chinese, Russian, North Korean and Iranian threat actors' attempting to leverage AI tools from big tech AI companies like OpenAI for their campaigns. The report indicated that Chinese threat actors used AI tools to boost their technical prowess such as the development of tools and phishing content, while the Russian threat actors were observed researching  satellite and radar technologies possibly related to the war in Ukraine. With the regulatory efforts aimed at restricting proprietary/closed-source AI models, researchers theorize that this campaign is likely an attempt by a China-affiliated actor to harvest generative AI secrets via cyber theft before the policies are enacted. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.