🟠 High  |  Source: The Hacker News


A newly discovered malware family called GoSerpent has been used in targeted espionage campaigns against government and diplomatic organisations in Southeast Asia since late 2025. Uncovered by Kaspersky in early 2026, the malware is designed for persistent, long-term access and intelligence collection. The campaign is consistent with nation-state or advanced threat actor activity given its targets and objectives.

Security Architect’s Take: Review your organisation’s endpoint and network detection capabilities for Go-based malware, as GoSerpent is written in Go — a language increasingly favoured by threat actors to evade signature-based detection. If your cloud workloads serve or connect to Southeast Asian government entities, audit ingress/egress traffic for anomalous long-lived connections and ensure cloud-hosted applications enforce strict identity and access controls to limit lateral movement in the event of a compromise.

Original advisory: New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage