What does GopherWhisper actually do?

GopherWhisper is a hacking group that uses legitimate online services like Slack and Discord for its command-and-control operations and data theft, making their attacks harder to detect.

Will this mean I can't use Slack or Discord anymore?

No, you'll likely still be able to use these services. However, this highlights the need for enhanced security monitoring by the service providers and increased vigilance from users and organizations, especially government entities.

Is my data on file.io safe?

file.io is a legitimate file-sharing service. GopherWhisper specifically abused its public REST API. While the service itself isn't inherently insecure, attackers can exploit its features for malicious purposes. Standard security practices like not sharing sensitive data publicly remain essential.

🌐 Nation-State Threats

China APT 'GopherWhisper' Abuses Cloud Services [New Tactic]

Think your data's safe because it's tucked away in the cloud? Think again. A new hacking outfit from China is proving that the digital tools we rely on can just as easily become our undoing.

Threat Digest Apr 25, 2026 5 min read

Abstract digital network lines representing cyber attack pathways.

⚡ Key Takeaways

China-linked APT group GopherWhisper is using legitimate services (Slack, Discord, Microsoft Graph API) for C&C and data exfiltration. 𝕏
This 'shadow infrastructure hacking' tactic makes attacks harder to detect by blending in with normal network traffic. 𝕏
The group has deployed various tools including LaxGopher, CompactGopher, RatGopher, and BoxOfFriends, targeting government entities. 𝕏