Threat Actor

Sweet Specter

Description

Sweet Specter is a group with alleged ties to The People's Republic of China. In October of 2024, a report by OpenAI documented Sweet Specter trying to spear phish OpenAI employees to install the SugarGh0st RAT as well as using ChatGPT for vulnerability research and scripting assistance. Ultimately their goal was to exfiltrate information for corporate espionage.

Sweet Specter is believed to be affiliated with APT27 (Iron Taurus), Twill Typhoon (Stately Taurus), and Leopard Typhoon.

Common Vulnerabilities and Exposures

Targeted Industries

Artificial Intelligence
Government

Objectives

Exfiltration of data on Artifical Intelligence companies, corporate espionage.

Known Tools Used

SugarGh0st RAT
Sweet Specter
Tunnel Specter

Known Infection Vectors

CVE-2021-26855 (ProxyLogon)
CVE-2021-34473 (ProxyShell)
Email

References

Influence and cyber operations: an update (OpenAI)
https://cdn.openai.com/threat-intelligence-reports/influence-and-cyber-operations-an-update_October-2024.pdf

5567

Published

May 26, 2026

Threat Actor Type

Nation-State

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Actor

Sweet Specter

Description

Common Vulnerabilities and Exposures

Targeted Industries

Objectives

Known Tools Used

Known Infection Vectors

References

Active CVEs

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Threat Actor

Sweet Specter

Description

Common Vulnerabilities and Exposures

Targeted Industries

Objectives

Known Tools Used

Known Infection Vectors

References

Active CVEs

Threat Intelligence
Center