HOMETHREATSSneakyChef
APT / THREAT GROUP

SneakyChef

🇨🇳China-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

SneakyChef is a threat actor known for using the SugarGh0st RAT to target government agencies, research institutions, and organizations worldwide. They have been active since at least August 2023, with a focus on leveraging old and new command and control domains. The group has been observed using lures in the form of scanned documents related to Ministries of Foreign Affairs and embassies. Talos Intelligence assesses with medium confidence that the operators are likely Chinese-speaking based on language preferences and specific targets.

Threat Analysis

SneakyChef is a known-sophistication threat actor attributed to China, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

SneakyChef — Active Operations March 2026

SneakyChef is a unknown-motivation threat actor attributed to China. SneakyChef is a threat actor known for using the SugarGh0st RAT to target government agencies, research institutions, and organizations worldwide. They have been active since at least August 2023, with a focus on leveraging old and new command and control domains. The group has b...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇨🇳 China
Aliases1
SourceMalpedia

Also Known As

SneakyChef

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.